A couple of months ago, Nothing unveiled its new sub-brand CMF, which released a bunch of new products. This included the CMF Watch Pro model. However, it appears that a security vulnerability plagues the CMF Watch app that is featured on the partnered smartphone.

CMF Watch App may lack encryption, posing a security risk

CMF Watch Pro

The news was shared by Dylan Roussel, who is an Android developer. In a tweet, the dev claimed that Nothing is garnering attention for its glary security risks. He adds that the latest example of a vulnerability in their system comes from their new sub-brand, CMF. Apparently, the company’s CMF Watch app suffers from a major security flaw that is related to the encryption of user data. The investigations have revealed that the brand’s encryption process for the user’s email address and password is not functioning properly.

This means that the sensitive information is at risk. Dylan adds that the major security risk is still affecting the CMF Watch app, with user’s login credentials still being vulnerable. Nothing’s current app system lacks robust encryption for sensitive information, enabling easy access to decryption data with the application. This vulnerability was first discovered by Roussel back in September.

Nothing has worked on fixing this issue, but it seems that the encryption for the email and password are still vulnerable. The Android developer had even reached out to the brand directly, although there was no proper communication established after the first exchange. It remains to be seen how the company addresses these glaring security risks or whether it continues to become infamous for security flaws, since even the Nothing Chats feature was recently removed from the Google Play Store over security concerns.

RELATED:

RELATED ARTICLESMORE FROM AUTHOR