Slashdot Mirror

← Back to Stories (view on slashdot.org)

U8 Smartwatch Engages In Covert Traffic With Chinese IP Behind Your Back (softpedia.com)

Posted by timothy on from the your-every-move dept.

An anonymous reader writes: In a presentation at the BSides security conferences in San Francisco, Michael Raggo from MobileIron, has revealed that he discovered a cheap smartwatch engaging in covert communications behind the users' back. The watch in question is the U8 Nucleus, a cheap smartwatch that's made in China, sold for around $17 (€15.6), which also runs its own operating system, also known as Nucleus. When the user would install the iOS/Android app that allows the owners to manage the smartwatch via their phones, the app would start an encrypted communications channel with an IP address in China. This could be telemetry or analytics data, but nothing in the U8 smartwatch manual or website even mentioned something like this was happening in the first place.

3 of 91 comments (clear)

  1. Re:Mess with them by MobileTatsu-NJG · · Score: 5, Interesting

    Intercept the packets, change a few bytes here and there, and send them on their way.

    In all seriousness, I wonder when we're going to start responding with tactics like this. Imagine not just fuzzing the data, but imagine software that mimics thousands of these watches sending the fuzzed data back. Which one is the real data?

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  2. why single out out chinese? by sittingnut · · Score: 4, Interesting

    there has been several of these kind of stories here about chinese devices secretly phoning home to an ip addresses (easily found to be chinese) .
    but doesn't lot of other devices do that, regardless of origin of company that makes, designs, or markets, them ( esp device that are much hyped and costs lot more than this)?
    so why select obscure presentations targeting chinese ones?
    btw what are the past accomplishments of michael raggo and mobileIron in this field?

  3. article is FUD by Anonymous Coward · · Score: 3, Interesting

    Wow, these guys come off as idiots.

    >claims it connects to random IP but they can't find it or determine what it is.
    Too stupid to check APNIC?
    > claims watch runs a weird OS "Nucleus"
    Apparently they're too stupid to google it and found out its a rtos for embedded systems that other smart watch makers in China are using
    https://www.mentor.com/embedded-software/industries/wearable-devices
    > apparently never contacted company to ask about connection