Be careful of cheap smartwatch offered on the web, security researchers at Mobile Iron have found that the U8 Smartwatch available on eBay for sale is offered with an Android or iOS app that contains a backdoor that is linked to a Chinese IP address.
The discovery was presented at the BSides San Francisco conference and of course, the wearable device represents a serious threat to the users’ privacy.
The U8 smartwatch is offered on eBay for 15,99 Euro (just US$17), the buyers download the pairing app from an IP address reported on a piece of paper that comes with the device.
The smartwatch has 1.48″ touch screen and Bluetooth connectivity to mobile devices to control calls by using an Android app that can access the user’s contacts, call and SMS histories.
Mobile Iron research director Michael Raggo told the BSides San Francisco conference the watch is a threat to individual and enterprise security.
The U8 Smartwatch is only one of the list of devices analyzed by Raggo and his colleagues, including the Apple Watch running the WatchOS, the Samsung Gear 2 running Samsung Tizen, and the Moto 360.
“We ran dynamic and behavioural analysis (on the pairing app) and discovered that when it was paired, it started communicating outbound over a random IP address to China,” explained the Mobile Iron research director Michael Raggo (@datahiding)
“We don’t know what the IP address is. “In terms of corporate espionage, in terms of risk, there’s definitely a lot of suspicious behaviours there.”
Raggo has developed a Python tool called SWATtack tool that could be used for forensics analysis and vulnerability assessment on the smartwatches. The tool is also able to bypass PIN protection implemented on Samsung Gear 2 Neo watches and exfiltrate data.
(Security Affairs – U8 Smartwatch, hacking)
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.