Lenovo Watch X was riddled with security bugs, researcher says

Lenovo’s Watch X was widely panned as “absolutely terrible.” As it turns out, so was its security.

The low-end $50 smart watch was one of Lenovo’s cheapest smart watches. Available only for the China market, anyone who wants one has to buy one directly from the mainland. Lucky for Erez Yalon, head of security research at Checkmarx, an application security testing company, he was given one from a friend. But it didn’t take him long to find several vulnerabilities that allowed him to change user’s passwords, hijack accounts, and spoof phone calls.

Because the smart watch wasn’t using any encryption to send data from the app to the server, Yalon said he was able to see his registered email address and password sent in plain text, as well as data about how he was using the watch, like how many steps he was taking.

“The entire API was unencrypted,” said Yalon in an email to TechCrunch. “All data was transferred in plain-text.”

The API that helps power the watch was easily abused, he found, allowing him to reset anyone’s password simply by knowing a person’s username. That could’ve given him access to anyone’s account,

 » Read More

Loading...

What do you think?

0 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

Comments

comments

Elon Musk says he is ‘confident’ people could afford to ‘sell their home on Earth’ and move to Mars on a SpaceX rocket

Elon Musk says he is ‘confident’ people could afford to ‘sell their home on Earth’ and move to Mars on a SpaceX rocket

We drove an $87,000 Jaguar I-PACE to see how it compares with a $57,500 Tesla Model 3 and a $150,000 Model X. Here’s the verdict. (TSLA)

We drove an $87,000 Jaguar I-PACE to see how it compares with a $57,500 Tesla Model 3 and a $150,000 Model X. Here’s the verdict. (TSLA)