Malicious persons can remotely delete data from Pebble smartwatch

A security researcher has discovered that it is relatively easy for malicious parties to remotely delete all data from the Pebble smartwatch. Due to a bug, the smartwatch automatically resets when it is bombarded with messages.

The method of factory resetting the Pebble watch, which removes all data from the device, was discovered by Hermanth Joseph, who explained this in a blog post. It turns out that it is possible to perform a dos attack on the Pebble by bombarding it with messages. The Pebble has the property that it shows every incoming message in its entirety on the screen, making it relatively easy to get the watch to freeze.

Joseph sent about 1500 Whatsapp messages to his own account in just five seconds, which the smartwatch turned out to be unable to handle. This then automatically caused a factory reset to be performed. As a result, the user loses all data stored on the watch. However, it is not clear why the Pebble automatically resets. According to Joseph, his dos method also works by sending a smaller number of messages to the smartwatch.

With the method, malicious parties can ensure that the Pebble is reset without requiring technical knowledge. All that is required is contact information for accounts that the user has set up to receive notifications on the watch. The Pebble also shows notifications from Facebook, which in theory makes it possible to perform the dos method in different ways. To show notifications, the Pebble must be paired with a smartphone.