Nothing Fixed CMF Watch App Vulnerability That Could Expose Email Addresses, Passwords: Report

Nothing's CMF Watch app no longer exposes password information encrypted in the app and the company will reportedly roll out additional fixes.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 5 December 2023 12:35 IST
Highlights
  • Nothing recently partially fixed a security flaw with the CMF Watch app
  • The vulnerability could allow access to a user's username and password
  • Nothing says further fixes will be rolled out via an over-the-air update

The CMF Watch Pro was launched by the Nothing sub brand earlier this year


Nothing, the UK startup led by OnePlus Co-Founder Carl Pei, recently rolled out a partial fix for a security vulnerability that affected the companion app for the CMF Watch Pro, according to a report. The encryption-related flaw was capable of exposing email addresses and passwords used to sign up for an account. The issues have come to light weeks after Nothing's iMessage-on-Android app was shut down amid allegations that the service did not encrypt messages and media as advertised by Nothing and its partner Sunbird.

9to5Google contributor Dylan Roussel, in a recent thread on X (formerly Twitter), explained that the CMF Watch app was encrypting both the email address and password provided by users when signing up for an account, while allowing decryption of both the email and password with the same keys. The publication reports that the means to decrypt user information was also found in the Android app, which allowed anyone to view those details.

> So what's the problem? Back in September, the CMF Watch app was encrypting both the email and password, which was great!
>
> But the encryption method used also allowed anyone to decrypt the email and password with the exact same keys.
>
> — Dylan Roussel (@evowizz) December 1, 2023
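
The weakness described above, as an added example that is not code from the CMF Watch app, 9to5Google or Roussel's thread: a credential encrypted with a key bundled in the client is recoverable by anyone who has that key, while a salted, slow one-way hash can only be checked against a guess. The report does not name the cipher, so an HMAC-SHA256 keystream stands in for it; `EMBEDDED_KEY`, the function names and the sample passphrase are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key shipped inside an app package (not a real value).
EMBEDDED_KEY = b"constructed-key-bundled-with-client"

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a symmetric cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:12], blob[12:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def hash_password(password: str, iterations: int = 600_000) -> dict:
    """Server-side record: random salt plus a slow one-way digest, no key to leak."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(password: str, record: dict) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def compare_storage(password: str) -> dict:
    blob = encrypt(EMBEDDED_KEY, password.encode())
    record = hash_password(password)
    return {
        # Anyone holding the bundled key gets the original value back.
        "recovered": decrypt(EMBEDDED_KEY, blob).decode(),
        # The hash record only answers "does this guess match?".
        "correct_guess": verify_password(password, record),
        "wrong_guess": verify_password(password + "x", record),
    }

if __name__ == "__main__":
    print(compare_storage("constructed-sample-passphrase"))
```

An email address has to stay readable by the service, so it cannot be hashed this way; reversible encryption protects it only when the key is held server-side rather than shipped in the app.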

Back in September, Roussel had pointed out that the CMF Watch app was developed by Chinese firm Jingxun, and references to the firm were visible in the app. At the time, he pointed out that the company's website also lists OnePlus as one of its partners, alongside Sony, Philips, and Toshiba.

Months after the vulnerabilities were reported, CMF by Nothing told the publication that it is working to fix the security flaws pointed out by Roussel — the encryption method for a user's password has reportedly been resolved, while the email address is still impacted by the flaw. The company told 9to5Google that an OTA update will be rolled out to CMF Watch Pro users to resolve outstanding issues.


According to the 9to5Google report, the company recently opened up different points of contact for vulnerabilities with both Nothing and CMF by Nothing products — these weren't available back in September when the flaws were being reported.

It is worth noting that Nothing was recently entangled in a privacy controversy when the company released its Nothing Chats app in beta, promising Nothing Phone 2 users access to Apple's proprietary iMessage service. After several issues with the privacy and security of the service were raised online — including handling of unencrypted messages and media by Nothing's partner Sunbird — the company pulled its app from the Play Store, while Sunbird also informed users it was pausing access to its own service.
