Lenovo Watch X is a low-end smartwatch launched by the manufacturer last year for the Chinese market.
The strength of this device is undoubtedly its price, equal to the exchange rate of about $50, while the performance according to who bought it sometimes would not be entirely convincing.
According to reports by Erez Yalon, head of the security division of Checkmarx, Lenovo Watch X does not use any encryption system and this exposes the watch to certain vulnerabilities that may result in the risk of changing user passwords, account hijacking and the counterfeiting of phone calls.
Yalon reported that he was able to see his e-mail address and password sent in clear, as well as data on how the watch is used, such as the number of steps taken.
According to Yalon it would be easy to reset the password of anyone knowing its user name and also claims that the watch has shared its precise geolocation with a server in China.
Yelon also explained how it is relatively easy to fake a phone call on the watch by sending special Bluetooth requests or setting alarms or turning off the device.
Lenovo seems to have admitted the existence of such vulnerabilities, promising that it will be resolved this week.