Coros Pace 3, Other Models Affected by Flaw That Lets Malicious Users Access Data, Snoop on Notifications

Several Coros smartwatch models have a Bluetooth vulnerability that allows a malicious user within range of the wearable to view personal data, read all smartphone notifications, or even reset the device. The security flaws were discovered by a German IT firm, when the Coros Watch 3 was paired with an Android smartphone. The company has acknowledged the issue and says that it is working on rolling out updates to resolve the security flaws, and the first updates will roll out to newer models by the end of July.

Coros Responds to Security Flaws Affecting Multiple Smartwatch Models

A blog post by SySS GmbH, the firm that discovered the flaws affecting the Coros Pace 3, provides a detailed explanation of the Bluetooth security flaw affecting the smartwatch. It allows an unauthenticated user who was within range of a Coros watch to take control of an unpatched wearable, access private information on the device, and even “send” fake notifications to the smartwatch.

Injecting notifications on a Coros Pace 3
Photo Credit: SySS GmbH

As long as the attacker is within Bluetooth range (around 10m for most devices), they would be able to access all data on a user’s Coros account on an Android handset. They would also be able to spy on a user’s smartphone notifications, which are received and displayed on the smartwatch.

A malicious user would also be able to modify the configuration of the smartwatch, factory reset it (in the middle of a workout), cause it to crash, or causing data loss during an ongoing running activity.

The firm found that all of the security flaws mentioned above can be exploited when Coros smartwatches are connected to some Android phones. However, iPhone users are protected as iOS encrypts the Bluetooth connection by default.

Coros published a support article that acknowledged the issue, and said that users should pair their device to their Android handset in a “non-public setting”. Users should also force-quit the Coros app after using it, according to the company.

Software fixes for this security flaw will roll out to the Pace 3, Pace Pro, Apex 2, Apex 2 Pro, Vertix 2, Vertix 2S, and Dura by the end of July. Meanwhile, the Coros Pace 2, Apex (42mm, 46mm) \m ad\bd Vertix 1 will also be updated “shortly after”, but there’s no word on these fixess will be released to the public.