Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability has been identified in Fire-Boltt Smartwatch firmware that allows unauthorized commands to be replayed, potentially enabling malicious actions on the device. This issue stems from insufficient authentication for certain device communications.
- Smartwatches can be controlled remotely without proper checks.
- Confirms security for connected devices needs ongoing review.
- Ensure critical device security by validating all access.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by replaying previously captured Bluetooth Low Energy (BLE) packets to interact with a smartwatch. This attack leverages the device's insufficient authentication for GATT Write Request commands, allowing unauthorized access and control.
- Requires nearby device access.
- Replays BLE packets to trigger features.
- Leads to unauthorized device control.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, functionality on the smartwatch could be triggered by replaying previously captured Bluetooth Low Energy (BLE) packets from a nearby device, due to insufficient authentication and session validation for GATT Write Request commands.
- Smartwatch functionality and data.
- Replaying captured BLE packets.
- Unauthorized actions could occur.
Operational Fix
Recommended remediation, mitigation, and detection steps
Fire-Boltt Smartwatch firmware is vulnerable to improper authentication, allowing previously captured Bluetooth Low Energy (BLE) packets to be replayed for unauthorized device control. Ownership likely falls to the product owner or firmware development team, with initial triage involving identifying affected devices, assessing business criticality, and confirming reachability.
- Product owners and firmware teams.
- Confirm device reachability and business criticality.
- Plan coordinated remediation and vendor engagement.