All Posts

1 posts

Pebble Smart Watch Developer Portal Vulnerability

Cloudpebble LogoHere’s a short story about a simple vulnerability that was easy to fix, but nonetheless could have had serious consequences.

Imagine an attacker, who doesn’t even have root access, being able to:

-  Get source code from the community of Pebble watch developers

-  Replace their binaries with malicious ones

-  Deploy the malicious binaries to the developers’ watches when they click the ‘Remote Deployment’ button.

Continue reading …