Wearable tech is gaining a lot of ground with Pebble being one of the most successful smartwatches out there – so much so it invited attention of a security researcher who managed to find a loophole, which if and when exploited could lead to DoSing of Pebble and ultimately a factory reset.
Hemanth Joseph, a security enthusiast, discovered the vulnerability in his Pebble running the latest firmware v2.4.1. Pebble displays the entire message on its screen that you receive on your smartphone – be it on WhatsApp or Facebook Messenger or any other compatible app. Even if the message is long to fit the tiny Pebble screen, the smartwatch will still display it through its screen.
Joseph notes that this is where the flaw is. There is no character or word limit set by Pebble which made him experiment with messaging bombing. He tried to send a whopping 1500 messages in 5 seconds to his WhatsApp account.
“As expected the whole screen of my Pebble became filled with lines” Joseph notes in a blog post. “Soon itself it got Switched Off automatically and executed a Factory Reset without any actions from my side to do so! Due to that automatic Factory Reset I lost all my Apps and other data’s which I was having in my Pebble.”
Joseph added that he even reduced the number of messages to just 300 in 5 second. Joseph notes that anyone with just your mobile number or Facebook ID can go about DoSing your Pebble smartwatch by through a small message bomb.
