The U.S. Army’s Criminal Investigation Division is urging military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail, warning that the devices could be rigged with malware.
In an alert issued this week, the army said services members across the military have reported receiving smartwatches unsolicited in the mail and noted that the smartwatches, when used, “have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.”
“These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords,” the army warned.
“Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches,” it added.
What is unclear, however, is whether this is an attack targeting American military personnel. The smartwatches, the investigation division noted, may also be meant to run illegal brushing scams.
“Brushing is the practice of sending products, often counterfeit, unsolicited to seemingly random individuals via mail in order to allow companies to write positive reviews in the receiver’s name allowing them to compete with established products,” the agency said.
Service members receiving any of these electronic devices are advised to keep them turned off and to report the incident to local counterintelligence, security manager, or directly to CID.
In 2018, the Pentagon restricted military troops at sensitive bases or certain high-risk war zone areas from using fitness-trackers or mobile applications that could reveal their location, after news broke that mobile fitness apps Polar and Strava had revealed location data on thousands of military and intelligence members from the U.S. and allied forces.
Related: UK Investigates Hacks on Army Social Media Accounts
Related: War ‘Wake-up Call’ Spurs EU to Boost Cyber Mobility
