Unauthenticated Pre-Pairing GATT Write Vulnerability in Smartwatch Ecosystems
Gurjot Singh, Vipin Venu, Arjun V
Nullcon Goa 2026 · Day 1
This talk, presented by Gurjot Singh, Vipin Venu, and Arjun V from Innspark Solutions at Nullcon, unveils a critical security flaw dubbed **Unauthenticated Pre-Pairing GATT Write Vulnerability** affecting a vast segment of the smartwatch ecosystem. The researchers demonstrate how an attacker can exploit this vulnerability to read sensitive user data and write arbitrary commands to smartwatches without requiring any prior authentication or pairing. This means an adversary can send fake calls, trigger custom notifications from any app, set alarms, activate "Find My Device," or even factory reset a victim's watch, all while remaining undetected.
AI review
Competent, well-structured BLE security research that documents a real and reproducible vulnerability class affecting budget smartwatches. The work is solid but not surprising — unauthenticated GATT writes in cheap IoT firmware have been a known problem space for years, and the findings don't substantially advance the field beyond confirming that budget OEMs still can't configure a security byte correctly.