Remember last summer when it was found that COROS had a slate of pretty severe security vulnerabilities? Initially, these vulnerabilities were ignored by COROS, but following a wee bit of newly applied internet assistance, the company quickly started to focus its efforts on actually fixing them. That’s a good thing, because the vulnerabilities were about as bad as you can get from a security standpoint (short of the watch combusting on your wrist if you missed the prescribed target during an interval).
Of course, you might also remember this was a vast effort affecting every one of their products, at numerous layers. This was not just one minor security bug, but at least half a dozen major architectural changes. Even for a major company, these types of changes wouldn’t be easy to make, nor fast to make. They impacted how the watches talked to the app, and also impacted every single device the company made.
In any event, the security researcher (Moritz Abrell) who found these vulnerabilities recently gave a talk at a security conference about the entire process (both technical and non-technical). It's pretty common in the security realm to give such a presentation, often once the dust settles (or sometimes, to create the dust storm if a company isn’t responding).
If you’re into computers, geekery, or just general security tidbits, the presentation is worth a watch, shared above. And of course, you can find more on his site here. And finally, COROS has a dedicated page too, outlining which watches were impacted and which firmware updates fixed which issues.
With that, thanks for reading!