U8 Smartwatch Engages In Covert Traffic With Chinese IP Behind Your Back

An anonymous reader writes: In a presentation at the BSides security conferences in San Francisco, Michael Raggo from MobileIron, has revealed that he discovered a cheap smartwatch engaging in covert communications behind the users' back. The watch in question is the U8 Nucleus, a cheap smartwatch that's made in China, sold for around $17 (€15.6), which also runs its own operating system, also known as Nucleus. When the user would install the iOS/Android app that allows the owners to manage the smartwatch via their phones, the app would start an encrypted communications channel with an IP address in China. This could be telemetry or analytics data, but nothing in the U8 smartwatch manual or website even mentioned something like this was happening in the first place.

The Chinese

The Chinese want to know what time it is in America! The bastards!

Re:Mess with them

[MobileTatsu-NJG]

Intercept the packets, change a few bytes here and there, and send them on their way.

In all seriousness, I wonder when we're going to start responding with tactics like this. Imagine not just fuzzing the data, but imagine software that mimics thousands of these watches sending the fuzzed data back. Which one is the real data?