An IT firm, SySS GmbH, has identified eight weaknesses in COROS PACE 3 watches that permit Bluetooth intruders to obtain user information and intercept notifications. These weaknesses allow attackers within Bluetooth proximity to connect with the device by exploiting a legacy “Just works” pairing method, circumventing secure authentication and encryption measures. Once linked, intruders can retrieve confidential information, alter device configurations, and even transmit counterfeit notifications. COROS has recognized the problem and intends to remedy these vulnerabilities by the conclusion of 2025, focusing on updates for Bluetooth pairing and communication encryption. This scenario underscores the necessity of frequent security updates, particularly for smaller technology companies.
