The U.S. Army’s Criminal Investigation Division has issued an alert advising military personnel to be cautious about unsolicited smartwatches received in the mail, warning that these devices might be rigged with malware. Service members reported receiving such smartwatches that, when used, automatically connected to Wi-Fi and linked to cell phones without prompting, potentially gaining access to sensitive user data. The alert emphasized the possibility of malware on these smartwatches, providing the sender access to various data, including banking information, contacts, and account details.
There are concerns about potential unauthorized access to voice and camera functions, allowing malicious actors to eavesdrop on conversations and access accounts linked to the devices. While it remains unclear whether this is a targeted attack on American military personnel, the smartwatches might also be involved in illegal brushing scams. Brushing involves sending products, often counterfeit, unsolicited to random individuals through the mail, enabling companies to generate positive reviews in the recipient’s name for competitive purposes.
Service members who receive these electronic devices are advised to keep them turned off and report the incident to local counterintelligence, security managers, or directly to the Criminal Investigation Division. This warning follows previous security measures, such as the Pentagon’s 2018 restriction on the use of fitness-trackers or mobile applications in sensitive military locations, aiming to prevent the exposure of location data of military and intelligence members.