Unauthenticated Pre-Pairing GATT Write Vulnerability in Smartwatch Ecosystems

By Gurjot Singh, Vipin Venu, Arjun V on 01 Mar 2026 @ Nullcon
#ble #bluetooth #iot-security-testing #smart-devices
Focus Areas: 📡 IoT Security, 📱 Mobile Security

Abstract

“What if anyone in a café could start talking to your smartwatch – without pairing, without your app, without your consent?” This talk presents a protocol-level vulnerability class we call Unauthenticated Pre-Pairing GATT Write (UPPGW), found across multiple popular BLE smartwatches in the Indian market.

Core GATT characteristics that control the watch’s UI and behaviour accept Write / Write Without Response on completely unauthenticated, unencrypted connections, allowing any attacker in radio range to connect as a generic BLE client and push arbitrary payloads straight into the watch. Notification spoofing is the most visible demo, but it is only one example. The same primitive enables convincing phishing flows on the wrist, silent command and state abuse, battery-drain denial of service, and raises the risk of memory corruption when parsing is fragile. We walk through how we actively probed four vendors, how we generalised their individual bugs into a single “UPPGW” pattern, and how to recognise this class purely from the GATT view.
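As an added illustration of recognising the class "purely from the GATT view" (example code written for this page, not from the talk or any vendor's firmware), the audit below models each characteristic by its advertised properties and the link security its server enforces for writes (assumed simplified levels: none / enc / auth). The GATT table is constructed to mirror the pattern the abstract describes; the UUIDs are placeholders, not real vendor values.

```python
from dataclasses import dataclass, replace

# Link security a write requires, weakest to strongest. "none" means the server accepts
# the write from any connected central before pairing: exactly the UPPGW case.
SECURITY_RANK = {"none": 0, "enc": 1, "auth": 2}
WRITE_PROPS = {"write", "write_wo_resp"}   # Write and Write Without Response

@dataclass(frozen=True)
class Characteristic:
    uuid: str                      # constructed placeholder UUIDs below
    properties: frozenset          # GATT properties visible to any client
    write_security: str = "none"   # attribute permission enforced for writes (assumed model)
    note: str = ""

def is_uppgw_candidate(c: Characteristic) -> bool:
    """UPPGW: writable (with or without response) AND no encryption/authentication required."""
    return bool(c.properties & WRITE_PROPS) and c.write_security == "none"

def audit(table):
    """Return (uuid, reason) pairs for every characteristic writable pre-pairing."""
    findings = []
    for c in table:
        if is_uppgw_candidate(c):
            kinds = "/".join(sorted(c.properties & WRITE_PROPS))
            findings.append((c.uuid, f"{kinds} accepted on an unauthenticated link ({c.note})"))
    return findings

def harden(table, minimum="auth"):
    """Raise every writable characteristic to at least `minimum` write security;
    read-only and notify-only characteristics are left untouched."""
    out = []
    for c in table:
        if c.properties & WRITE_PROPS and SECURITY_RANK[c.write_security] < SECURITY_RANK[minimum]:
            c = replace(c, write_security=minimum)
        out.append(c)
    return out

# Constructed sample table (not a real watch): one read-only characteristic, two
# UI/state-controlling ones left open, and one that already demands authentication.
SAMPLE_TABLE = [
    Characteristic("aaaa0001-0000-4000-8000-000000000000", frozenset({"read"}), "none", "device info"),
    Characteristic("aaaa0002-0000-4000-8000-000000000000", frozenset({"write_wo_resp", "notify"}), "none", "notification push / UI"),
    Characteristic("aaaa0003-0000-4000-8000-000000000000", frozenset({"write"}), "none", "settings and state"),
    Characteristic("aaaa0004-0000-4000-8000-000000000000", frozenset({"write"}), "auth", "firmware update control"),
]

if __name__ == "__main__":
    for uuid, reason in audit(SAMPLE_TABLE):
        print(f"UPPGW candidate {uuid}: {reason}")
    print("findings after hardening:", audit(harden(SAMPLE_TABLE)))
```

In a real stack the knob this models is the attribute's write permission (for example Zephyr's BT_GATT_PERM_WRITE versus BT_GATT_PERM_WRITE_ENCRYPT / BT_GATT_PERM_WRITE_AUTHEN); the class arises when the plain write permission is chosen for characteristics that control the watch.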