#WatchOut: Retest shows security flaws still persist in GPS watches
Results indicate that while specific issues have been mitigated, problems still persist. In some cases, changes actually made the security of the products worse.
mnemonic has performed a technical follow-up assessment of the Gator 3 and Viksfjord GPS watches, on request from and in cooperation with the Norwegian Consumer Council. The goal of the assessment has been to evaluate whether changes made to the watches and their accompanying apps, adequately address the previously disclosed vulnerabilities.
mnemonic discovered a covert surveillance feature in the Gator 3 watch and app, allowing an app user to monitor the watch’s microphone. The findings also include an account takeover attack, making it possible to track an unsuspecting user.
The changes made to the Viksfjord watch do not adequately address the previously disclosed findings, hence mnemonic was able to bypass the mitigations and successfully perform an account takeover attack.
Read all of mnemonic's findings from the retest in the technical report.
The original disclosure of multiple vulnerabilities by the Norwegian Consumer Council and mnemonic was published in the #WatchOut report on October 18th 2017.
Read more about the original #WatchOut test.