There are functions that many people agree a smartwatch should perform. This includes checking email and text messages, tracking your heart rate and other health indicators, maybe taking dictation.
The U8, an extremely cheap smartwatch that often appears on eBay, offers a new feature: sending something to China. When users paired the smart device with an Android companion app, security researchers found that it was communicating with an unknown IP address. “We ran dynamic and behavioural analysis (on the pairing app) and discovered that when it was paired, it started communicating outbound over a random IP address to China,” researcher Michael Raggo told the BSides SF security conference.
Even if you weren’t the sort of person to log the IP addresses your devices connect to, the average person might have noticed something was amiss. Watch owners downloaded the companion app “from an IP address scrawled on a piece of paper that comes with the U8 watch.” Android, unlike iOS, allows its users to install software from sources other than its first-party app store.
Exactly what the purpose of the Chinese IP address was remains unclear. In general, though, if you care about the security of your devices, you might get some peace of mind by picking up a smartwatch that doesn’t sell for $17 on eBay.