Suspicious Smartwatches Mailed to US Army Personnel
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
The US Army's Criminal Investigation Division (CID) is warning service members to look out for unsolicited smartwatches arriving in the mail, which likely carry risks of malware and allowing unauthorized access to sensitive systems.
When used, the smartwatches are able to auto-connect to the local Wi-Fi network, and can also connect to cellphones, thus allowing access to a user's data. The snooped information can be private and used to exploit a victim, the advisory warned, and it's possible that these watches also carry malware that could allow a threat actor to access, save, or transfer data such as banking information, account information, or personal contacts.
"Most people have heard about techniques involving leaving random malicious USB devices around for curious victims to plug in. This 'surprise smartwatch' tactic leverages the same human curiosity, and grants a threat actor access to some of your most sensitive personal information," said Melissa Bischoping, director of endpoint security research at Tanium, in an emailed comment. "As the adage goes, if it's too good to be true, it probably is, and if you're not paying for the product, you ARE the product."
Alternatively, these mystery smartwatches sent from unknown senders could also be used for a practice known as "brushing," in which presumably counterfeit products are sent via mail to random individuals so that companies can write positive reviews in the name of the person they sent the product to.
Should anyone, military personnel or otherwise, receive a product such as this, the CID advises recipients not to turn it on and to report it to local counterintelligence, or through its "Report a Crime" portal, where individuals can also submit tips.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024