Pierluigi Paganini
June 24, 2023
The U.S. Army’s Criminal Investigation Division reported that service members across the military received smartwatches unsolicited in the mail. Upon using these smartwatches, the devices automatically connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a huge quantity of user data.
The military investigation division also reported that the smartwatches may also contain malware that could be used to spy on the soldiers and steal sensitive data.
“These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords.” reads the alert. “Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches.”
The alert also states that the products may also be used for Brushing, which consists of sending products, often counterfeit, unsolicited to seemingly random individuals via mail to allow companies to use the receiver’s name to write positive reviews.
US Military personnel that have received the devices are recommended to don’t turn the device on and report it to their local counterintelligence, or security manager, or through our Submit a Tip – Report a Crime reporting portal.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, intelligence)
