I recently purchased a refurbished Samsung Galaxy Watch off Amazon through a third-party seller. Now, a few hours later, it occurs to me that it is possible that the previous owner could have rooted the device and that the refurbishing process did not undo it. I can't just do a factory reset from the watch itself, since the owner could have modified the bootloader to only go through the motions of resetting, while keeping the compromise intact.
So,
- Is this something that I actually need to worry about?
- If so, then how can I check my new Galaxy Watch for compromised firmware? Is there an official process I can run, perhaps a reference firmware that I can compare to?
- If I find such firmware, is there a way to remove it? Alternatively, is there an external reset process I can do on the watch to ensure that no malware is left on the device, whether or not it is there?
Some miscellaneous information:
- Primarily, I am concerned about the watch being used by a remote attacker to collect login credentials, such as for Samsung and Google accounts and potentially payment information (such as through Samsung Pay).
- I do not have any reason to believe I could be specifically targeted - I imagine the device would be compromised as part of a random sample to get credentials.
- I cannot get around using my Samsung account, since I plan on using the watch to track sleep and physical activity.
- If I end up finding compromised firmware, or have no method of ensuring that my device is not compromised, I plan on returning the watch and buying a factory-new one.