The Nothing Phone (2) has stellar software in terms of the user experience, but the company is starting to develop a bit of a track record around worrying security problems, with the latest example coming from the company’s CMF sub-brand.
CMF is a part of Nothing’s brand which is focused on delivering very low-cost products, including a $69 smartwatch. That watch connects through an app that is used for setup and some controls, but that app had a worrying security problem behind the scenes.
The app itself, as Dylan initially discovered, was developed with the help of a separate company, “Jingxun.” That in itself isn’t really an issue, but the vulnerability laid a bit deeper within the app. As Dylan explains, the CMF Watch app requires users to create an account with an email address and a password, and the app then encrypts that data, which is a good thing. However, the app also left the decryption method for that data available in the app, meaning it wouldn’t take much for a malicious party to access that sensitive information.
Effectively, it made the encryption practically useless.
9to5Google assisted Dylan in reporting the issue to Nothing in September as, at the…
There's something about the balminess of summer that makes you want to let loose. And the right soundtrack makes all the difference. Mixing hip-hop and R&B with Afrobeats, dancehall, and more, here’s a playlist to take you through those warm nights. Our editors regularly update this playlist, so if you hear something you like, add it to your library and keep the party going. Listen to Apple Music