Nothing, the London-based startup founded by Carl Pei, has addressed a security-sensitive bug that affected the compassion app of the recently launched CMF Watch Pro. Per report, this vulnerability can expose the email and password a user used to sign up for the platform.
Notably, this comes just weeks after Nothing made headlines for its collaboration with SunBird to bring iMessage to the Nothing Phone 2 through the Nothing Chat app, but this was marred by controversy after SunBird was alleged to have not been following its claims of encrypting messages sent using the service, as they had claimed.
For those uninitiated, CMF is Nothing’s new sub-brand which is said to be focusing on delivering a design-first approach that doesn’t break the bank.
What is The Security Issue With the CMF Watch Pro app?
As per Dylan Roussel, a contributor to 9to5Google, Nothing allegedly partnered with another company, Jingxun, for the app, but the real problem lies with the app’s encryption, which is applied as standard to the passwords and email that users sign up with. But, at the same time, “the encryption method used also allowed anyone to decrypt the email and password with the exact same keys,” Roussel noted.
He added, “Essentially, anyone having their hands on an encrypted email and password would have been able to decrypt them, which essentially made the encryption useless.”
Company Issues Partial Fix
Dylan Roussel notes that the brand has released a part of the fix, and now, in the latest update for the support app, the company has issued a partial fix, but reportedly, the risk still remains. It has also issued a statement to 9to5Google about the same–confirming that it is working to fix the remainder of the problem.
Moreover, after this incident, the brand has also opened up an official channel where users can report security vulnerabilities to the team, so that appropriate action can be taken.
Comments
0 comment