If you thought Strava's privacy issues were bad, strap in: Coros has confirmed some major security issues with its watches. During an analysis of Coros Pace 3 Bluetooth security, German IT security researchers identified at least eight distinct security flaws that affect every Coros device on the market—not just the Pace 3 model, as was first believed. After an initially lackluster response, Coros has since entered damage control mode, and is promising fixes by the end of summer.
The vulnerabilities stem from fundamental issues in the Bluetooth connectivity code shared across all Coros watches and their bike computer, creating a security nightmare that impacts the company's entire product lineup.
By exploiting these security flaws, an unauthenticated attacker within Bluetooth range can perform the following actions:
Hijack user accounts and access all stored fitness data on COROS.com
Eavesdrop on sensitive information including text messages and notifications
Manipulate device settings remotely without user knowledge
Factory reset devices from a distance, wiping all user data
Crash devices during critical moments
Interrupt active workouts and force the loss of recorded fitness data
If you're interested in diving into the specific coding and architectural issues at play here, I highly recommend taking a look at the original blog post outlining the problem. Perhaps most concerning is the ability for attackers to inject false information, such as fake text notifications, while simultaneously monitoring all genuine messages and notifications sent to the watch.
When alerted to these massive security holes, Coros initially seemed less than alarmed. The security researchers followed standard industry protocol, privately disclosing the vulnerabilities with the company and providing a 90-day window for it to provide fixes before going public. At first, the company indicated that fixes wouldn't arrive until the end of 2025—a less than urgent response. Only after the vulnerabilities were publicly disclosed on June 17th, 2025, complete with detailed reproduction steps and exploit code, did Coros begin taking the situation seriously.
What Coros users need to do
The company has now accelerated its timeline, promising partial fixes by the end of July and complete resolution by August.
The initial response from Coros appears to have treated these critical security flaws as routine bugs, which might be chalked up to inexperience: Though the issues are concerning, this does appear to be the company's first major security incident,. Gadget reviewer DC Rainmaker—the same reporter responsible for escalating this issue to Coros in the first place—posits that after this, Coros will likely have better public channels and internal processes in place for tackling future security issues.
But that issue aside, what do you need to do if you own an affected device?
In a Reddit comment, Coros says if your watch is up to date, there’s nothing you need to do right now. But when their next software updates are available in July and August, you should update your watch immediately to fix these vulnerabilities. Unfortunately, there are no effective workarounds to mitigate the vulnerabilities in the meantime, as they're embedded in the devices' Bluetooth communication protocols.
The bottom line
Even if you aren't a Coros user, it's important to remember that all fitness wearables, despite their seemingly benign nature, can become significant security liabilities. These devices often have access to highly personal information—from health data and location tracking to text messages and notifications—making them attractive targets for hackers. As our wearables become increasingly sophisticated and connected, it's more important than ever to stay on top of best security practices.
And if you are a Coros user, make sure you install any and all July and August updates as soon as they are released.
Read More Details
Finally We wish PressBee provided you with enough information of ( There’s a Major Security Issue With Coros Fitness Trackers )
Also on site :
- Attempts to kill DEI have inadvertently made corporate diversity stronger
- Iconic '70s Rock Band Initially Said No to Legendary Concert
- 6 Nighttime Habits of Celebrities Over 50 With Beautiful Skin