A couple of months ago, Nothing unveiled its new sub-brand CMF, which released a bunch of new products, including the CMF Watch Pro. However, it appears that a security vulnerability plagues the CMF Watch app, the companion app that runs on the paired smartphone.
CMF Watch App may lack encryption, posing a security risk
The news was shared by Dylan Roussel, who is an Android developer. In a tweet, the dev claimed that Nothing is garnering attention for its glaring security risks. He adds that the latest example of a vulnerability in their system comes from their new sub-brand, CMF. Apparently, the company’s CMF Watch app suffers from a major security flaw that is related to the encryption of user data. The investigations have revealed that the brand’s encryption process for the user’s email address and password is not functioning properly.
This means that the sensitive information is at risk. Dylan adds that the major security risk is still affecting the CMF Watch app, with users’ login credentials still being vulnerable. Nothing’s current app system lacks robust encryption for sensitive information, leaving the data needed for decryption easily accessible within the application. This vulnerability was first discovered by Roussel back in September.
Let's talk about Nothing… again.
Before the Sunbird/Nothing chaos, I reported another vulnerability to them back in September… and another one back in August.
Let's talk about the one from September. It's about the CMF Watch app.
— Dylan Roussel (@evowizz) December 1, 2023
Nothing has worked on fixing this issue, but it seems that the encryption for the email and password is still vulnerable. The Android developer had even reached out to the brand directly, although no proper communication was established after the first exchange. It remains to be seen how the company addresses these glaring security risks, or whether it keeps gaining notoriety for security flaws; even the Nothing Chats feature was recently removed from the Google Play Store over security concerns.