Another own goal for Nothing: vulnerability found in CMF

2023-12-06 16:43:38
Nothing is in the middle of a storm: after a difficult November caused by Nothing Chats, Sunbird and the attempt to bring iMessage to Android, it now faces another embarrassing moment because of CMF, its sub-brand. CMF was born with the idea of making design accessible without necessarily being expensive, while guaranteeing a user experience focused on the main functions of the product; for this reason, the first devices it created were Bluetooth headphones, a connected watch and a charger. The problem comes precisely from its smartwatch, or rather from the smartwatch application: it appears to be affected by a security flaw, which was discovered by Dylan Roussel, a developer, who made the problem public with a post on X.

The developer discovered that CMF's app was developed in collaboration with another company, Jingxun, and that it required users to create an account with an email address and password, with this data then being encrypted. But the real discovery was that the method of decrypting the data remained visible within the app itself, so anyone could obtain that data, making the encryption pointless. He reported the vulnerability to Nothing, which, however, has only partially resolved the issue and continues to work on resolving it completely: password encryption has been updated, while email addresses are still at risk. This is certainly not a great calling card for an emerging brand like CMF, and even less so for Nothing, which seems to choose the wrong partners to create its applications.
