The U8 Nucleus smart watch sends encrypted data to an unknown Chinese IP address

At the Security B-Sides MSP 2016 (San Francisco) conference, Michael Raig, an information security specialist at MobileIron, said that he had discovered a cheap smart watch that he had caught in hidden communication without the user's knowledge. Reig gave several specific examples of how mobile applications that are used to work with modern wearable electronics can reveal the personal data of their owner, reports news.softpedia.com.





A series of tests of the most popular modern smart watches for the detection of suspicious network activity was conducted. Michael analyzed four models of smart watches: Samsung Tizen, Apple WatchOS, Android Wear (Moto 360) and U8 Nucleus.

Never trust "cheap"

And here is our winner: the U8 Nucleus is an inexpensive smart watch made in China (about $ 17), with its own Nucleus operating system.



From the very beginning, Reig realized that something was wrong, because instead of going to the site and downloading the application to synchronize with the phone, he received a piece of paper on which the IP address was written. Further, he downloaded one of the applications, which allowed to control the clock from the smartphone. After installing the software, it did not take long to wait: “When synchronizing the clock with the device running Android, [...] they began to transfer data to an unknown IP address in China,” said Reig.

')

The traffic is encrypted, so no one knows what it contains. The researcher says that all data movement took place on an encrypted channel, so that he cannot say what the mobile application is transmitting. Theoretically, this could be simple telemetric data of a smart watch, but in the worst case, it could be a list of phone contacts and other personal data of the user.



“From the point of view of corporate espionage, exfiltration of data and risks, there are definitely a lot of interesting and suspicious in the behavior of watches,” the researcher added.



The following is a speech by Michael Raig at the conference. Part of the U8 SmartWatch from 13:30.