Slashdot Mirror

← Back to Stories (view on slashdot.org)

U8 Smartwatch Engages In Covert Traffic With Chinese IP Behind Your Back (softpedia.com)

Posted by timothy on from the your-every-move dept.

An anonymous reader writes: In a presentation at the BSides security conferences in San Francisco, Michael Raggo from MobileIron, has revealed that he discovered a cheap smartwatch engaging in covert communications behind the users' back. The watch in question is the U8 Nucleus, a cheap smartwatch that's made in China, sold for around $17 (€15.6), which also runs its own operating system, also known as Nucleus. When the user would install the iOS/Android app that allows the owners to manage the smartwatch via their phones, the app would start an encrypted communications channel with an IP address in China. This could be telemetry or analytics data, but nothing in the U8 smartwatch manual or website even mentioned something like this was happening in the first place.

13 of 91 comments (clear)

  1. The Chinese by Anonymous Coward · · Score: 5, Funny

    The Chinese want to know what time it is in America! The bastards!

    1. Re:The Chinese by Tx · · Score: 3, Funny

      It spies on you? So the Chinese can do the core features of Windows 10 in a $17 smartwatch? And you wonder why America is being left behind.

      --
      Oh no... it's the future.
    2. Re:The Chinese by zlives · · Score: 2

      but but... win 10 is "free"

  2. Re:Mess with them by MobileTatsu-NJG · · Score: 5, Interesting

    Intercept the packets, change a few bytes here and there, and send them on their way.

    In all seriousness, I wonder when we're going to start responding with tactics like this. Imagine not just fuzzing the data, but imagine software that mimics thousands of these watches sending the fuzzed data back. Which one is the real data?

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  3. why single out out chinese? by sittingnut · · Score: 4, Interesting

    there has been several of these kind of stories here about chinese devices secretly phoning home to an ip addresses (easily found to be chinese) .
    but doesn't lot of other devices do that, regardless of origin of company that makes, designs, or markets, them ( esp device that are much hyped and costs lot more than this)?
    so why select obscure presentations targeting chinese ones?
    btw what are the past accomplishments of michael raggo and mobileIron in this field?

    1. Re:why single out out chinese? by SuperKendall · · Score: 2

      there has been several of these kind of stories here about chinese devices secretly phoning home to an ip addresses (easily found to be chinese) .

      but doesn't lot of other devices do that, regardless of origin of company that makes, designs, or markets, them ( esp device that are much hyped and costs lot more than this)?

      If there were, why wouldn't we have seen stories about this?

      The answer is no, ad the product you are alluding to (the AppleWatch) specifically does not do anything like this - unless after you are asked, you giver permission to send device stats to Apple. Even then the devices are limited in what you send, not for instance just streaming audio around you like one TV maker did...

      so why select obscure presentations targeting chinese ones?

      Gosh, why would they when it's all Chinese devices that have found to have issues with doing this and not telling anyone?

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. US companies.... by bazmail · · Score: 2

    ... would never dream of doing such a thing?

  5. article is FUD by Anonymous Coward · · Score: 3, Interesting

    Wow, these guys come off as idiots.

    >claims it connects to random IP but they can't find it or determine what it is.
    Too stupid to check APNIC?
    > claims watch runs a weird OS "Nucleus"
    Apparently they're too stupid to google it and found out its a rtos for embedded systems that other smart watch makers in China are using
    https://www.mentor.com/embedded-software/industries/wearable-devices
    > apparently never contacted company to ask about connection

  6. So what by pegdhcp · · Score: 2

    Honestly, which slightly advanced OS and/or platforn does not call home? Maybe some not so good variants of Linux. This post so bad to be a piece of FUD, but close enough... Chinese and cheap, huh. They already are a superpower, your are late by 15-20 years, depending on the industry.

    1. Re:So what by 110010001000 · · Score: 2

      You aren't very bright. They OS or platform isn't calling home, the app is. I don't know any decent variant of Linux that calls home.

    2. Re:So what by Zaelath · · Score: 2

      Repos aren't "home", they can even be air-gapped from the internet if you're paranoid or have some other challenging networking.

  7. Re:I have this watch by The-Ixian · · Score: 2

    Never use software from China.

    I can pretty much guarantee that you use Chinese software every day of your life either directly or indirectly.

    --
    My eyes reflect the stars and a smile lights up my face.
  8. Re:Mess with them by LynnwoodRooster · · Score: 2

    I've yet to see a stream of data be properly decoded when chunks of it is randomly changed. Including encrypted data. It tends to make the encrypted data worthless...

    --
    Browsing at +1 - no ACs, I ignore their posts. So refreshing!