Unauthorized BLE Access in Frontier X2 Device and Mobile Application
CVE-2026-5768
What is CVE-2026-5768?
The Frontier X2 device has a critical vulnerability that allows unauthenticated Bluetooth Low Energy (BLE) read/write access to its essential GATT characteristics. The device does not enforce the necessary pairing authentication or authorization, so attackers within BLE proximity can manipulate the device's functions. Potential attacks include starting or stopping activities without authorization, triggering vibrations, and causing denial-of-service conditions. In addition, the associated Frontier X mobile app lacks robust BLE device authentication, which could allow attackers to impersonate legitimate devices and establish unauthorized connections. By mimicking BLE advertisements and presenting the expected GATT characteristics, these attackers can alter activity states and inject fraudulent health metrics, such as breathing rate and heart rate, into the application, posing severe risks to user safety and privacy.
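The missing check described above can be modelled as a per-characteristic permission test on the GATT server. The following is an added example, not code from the vendor or from this advisory: it shows a table with no security requirements beside a hardened one, and an audit that lists what an unpaired peer can reach. The characteristic names and the simplified link model are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Att(IntEnum):
    OK = 0x00                           # not an ATT code: request allowed
    INSUFFICIENT_AUTHENTICATION = 0x05  # ATT error code
    INSUFFICIENT_ENCRYPTION = 0x0F      # ATT error code

@dataclass(frozen=True)
class Link:
    bonded: bool = False         # a key from an earlier pairing exists
    encrypted: bool = False      # link encryption is currently active
    authenticated: bool = False  # that pairing was MITM-protected

@dataclass(frozen=True)
class Characteristic:
    name: str
    readable: bool
    writable: bool
    require_encryption: bool = False
    require_authentication: bool = False

def check_access(ch: Characteristic, link: Link) -> Att:
    """Simplified server-side decision before serving a read or write."""
    needs_security = ch.require_encryption or ch.require_authentication
    if needs_security and not link.encrypted:
        # Known peer must re-encrypt; unknown peer must pair first.
        return (Att.INSUFFICIENT_ENCRYPTION if link.bonded
                else Att.INSUFFICIENT_AUTHENTICATION)
    if ch.require_authentication and not link.authenticated:
        return Att.INSUFFICIENT_AUTHENTICATION
    return Att.OK

def audit(table):
    """Names of characteristics an unpaired, unencrypted peer can reach."""
    stranger = Link()
    return [ch.name for ch in table
            if (ch.readable or ch.writable)
            and check_access(ch, stranger) is Att.OK]

# Constructed tables; names are hypothetical, not the device's GATT layout.
NAMES = [("activity_control", False, True), ("vibration", False, True),
         ("heart_rate", True, False), ("breathing_rate", True, False)]
WEAK_TABLE = [Characteristic(n, r, w) for n, r, w in NAMES]
HARDENED_TABLE = [Characteristic(n, r, w, True, True) for n, r, w in NAMES]

if __name__ == "__main__":
    print("open without pairing (weak):", audit(WEAK_TABLE))
    print("open without pairing (hardened):", audit(HARDENED_TABLE))
```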
Affected Version(s)
Frontier X Android application 0 < 15.0.0
Frontier X iOS application 0 < 25.0.0
Frontier X2 All versions
