"US Military Personnel Receiving Unsolicited, Suspicious Smartwatches"

The U.S. Army’s Criminal Investigation Division is warning military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail.  In a recent alert, the army said service members across the military have reported receiving smartwatches unsolicited in the mail and noted that the smartwatches, when used, “have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.”  The army warned that these smartwatches may also contain malware that would grant the sender access to saved data, including banking information, contacts, and account information such as usernames and passwords.  The army noted that malware may be present that can access both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches.  What is unclear, however, is whether this is an attack targeting American military personnel.  The smartwatches, the investigation division noted, may also be meant to run illegal brushing scams.  The army noted that brushing is the practice of sending products, often counterfeit, unsolicited, to seemingly random individuals via mail in order to allow companies to write positive reviews in the receiver’s name, allowing them to compete with established products.  The army stated that service members receiving any of these electronic devices are advised to keep them turned off and to report the incident to local counterintelligence, security manager, or directly to CID.

SecurityWeek reports: "US Military Personnel Receiving Unsolicited, Suspicious Smartwatches"