Techno Blender
Digitally Yours.

Vulnerabilities still exist in Nothing’s CMF Watch app (come on, Carl Pei)



Nothing’s CMF Watch app stands in contrast to the success that Nothing has achieved with the Nothing Phone (1) and Nothing Phone (2). The iMessage-for-Android app, built in collaboration with Sunbird, housed a vulnerability related to the company’s internal data. This vulnerability hit the headlines back in August, but it remains unresolved. Android developer and reverse engineer Dylan Roussel discovered two security issues related to Nothing. The first vulnerability was identified in September within the CMF Watch app, a product of Nothing’s collaboration with Jingxun.

The vulnerabilities still remain in the CMF Watch app

Although the app encrypts email usernames and passwords, Roussel found that the encryption method had a flaw, allowing potential decryption using the same keys. This essentially nullified the intended security provided by encryption. Nothing and Jingxun addressed the vulnerability concerning passwords. However, the ability to decrypt the email used as a username remained.

The second vulnerability, not publicly disclosed in detail, pertains to Nothing’s internal data. Although Nothing has been aware of this issue since August, the flaw has not been rectified to date.

Nothing’s recent security challenges also include the short-lived Nothing Chats app, an attempt to cater to iPhone users by offering an iMessage-like platform for Android. The app faced immediate removal from circulation due to serious security oversights.

Nothing promises to roll out a fix to the app via a future OTA update

In response to these concerns, Nothing has issued a statement to Android Authority. The company informed AA about the ongoing investigation into the security issues related to the CMF Watch app.

The company promises a fix for the identified security issues and plans to roll out an OTA update for CMF Watch Pro users once it has implemented a solution. Additionally, Nothing has taken a step towards streamlining the reporting process for security issues by providing a portal for vulnerability reports.


