Lenovo smartwatch which was launched in June 2018 attracted the attention of many with its features, design and affordability. Within a span of just a few months it had to hear a lot of accusations for its usability and mainly for its security.
Security researchers have found that the watch violated one’s privacy by sending one’s location to an unknown server in China where Lenovo is headquartered. Another main flaw was that communication sent between the mobile app and its server is not encrypted, thus anyone could access the information.
Another bug was associated with account credentials.It lacked account validations and permission. Thus anyone could go ahead with a password change request if they knew the user id of an account and therefore hijack user accounts
Despite all these flaws there were issues relating to Bluetooth functioning too. One of which was that on hand movements the watch could go into pairing mode but it would never time out. Another main problem was regarding alarms. Malicious users could send commands to set alarms and it can go to the extend of setting even multiple alarms each minute.
Lenovo has confirmed receipt of the bugs and has confirmed the issue of its fixes but it is not clear on what the user need to do to ensure they get the fix implemented.
