Nothing fixed CMF Watch app vulnerability that exposed email addresses, passwords: Report

According to a report, Nothing – the UK startup led by OnePlus co-founder Cal Pei – has recently introduced a partial fix for a security vulnerability affecting the companion app for the CMF Watch Pro. The encryption-related flaw was able to expose the email address and password used to sign up for an account. The issues come weeks after Nothing’s iMessage-on-Android app was shut down amid allegations that the service did not encrypt messages and media, as advertised by Nothing and its partner Sunbird.

9to5Google contributor Dylan Roussel recently reported in a thread on And the password allowed decryption of both. With the same keys. publication reports The Android app was also found to have a means of decrypting user information, allowing anyone to view those details.

>So what’s the problem? In September, the CMF Watch app was encrypting both emails and passwords, which was great!
> But the encryption method used allows anyone to decrypt the email and password with exactly the same keys. > > – Dylan Roussel (@evowizz) 1 December 2023

In September, Roussel reported that the CMF Watch app was developed by a Chinese firm jingxunand references to the firm were visible in the app, At the time, he noted that the company’s website also lists OnePlus as one of its partners, along with Sony, Philips, and Toshiba.

Months after the vulnerabilities were reported, CMF By Nothing told the publication that it is working to fix the security flaws pointed out by Roussel – the encryption method for user passwords has reportedly been resolved, While the email address is still affected by the flaw. The company told 9to5Google that an OTA update will be released to CMF Watch Pro users to resolve the outstanding issues.

As 9to5Google reports, the company recently opened separate points of contact for the vulnerabilities with both Nothing And Nothing by CMF Products – These were not available in September when the flaws were being reported.

It’s worth noting that Nothing was recently embroiled in a privacy controversy when the company released its Nothing Chats app in beta, promising Nothing Phone 2 users access to Apple’s proprietary iMessage service. After several issues with the privacy and security of the service were raised online – including the handling of unencrypted messages and media by Nothing’s partner Sunbird – the company pulled its app from the Play Store, while Sunbird also informed users that Did that he is blocking access to his service. ,

Affiliate links may be automatically generated – see our ethics statement for details.

Follow Gadgets 360 for the latest tech news and reviews x, Facebook, WhatsApp, threads And Google News, For the latest videos on gadgets and tech, subscribe to our Youtube channel,

GTA 6 trailer just released; Will be available in 2025, platform confirmed

Crypto Price Today: Bitcoin continues to rise in value, most altcoins see losses

(TagstoTranslate)Nothing CMF Watch App Security Vulnerability Definitive Report CMF Watch App

Leave a comment