Did You Receive a Free Smartwatch in the Mail? Don't Turn It On!

pcmag.com:

Members of the US military receiving unsolicited smartwatches in the mail are being urged not to turn them on.

As DefenseNews reports(Opens in a new window), an announcement(Opens in a new window) published on June 15 by the Department of the Army Criminal Investigation Division (CID) confirms some service members are "receiving smartwatches unsolicited in the mail." Unsurprisingly, it turns out these seemingly free gifts are malicious.

The Army CID discovered that turning on one of these smartwatches triggers it to automatically connect to nearby Wi-Fi networks, attempt to connect to smartphones, and possibly contains malware geared towards collecting personal and sensitive information, as well as accessing cameras on your device.

On top of that, they are being used for "Brushing," which is a deceitful technique used to boost seller ratings using fake orders.

It's currently unknown who is distributing the malicious smartwatches and no numbers were shared by the Army CID as to how many have been received. Any member of the military receiving one is asked to report it to their local counterintelligence or security manager. Alternatively, there is a dedicated Army CID portal(Opens in a new window) for reporting a crime that can be used.

Hiding malware inside a smartwatch is a relatively new idea, unlike malware on USB sticks which has been a problem for years. Earlier this week, China-linked malware infected and spread via USB sticks, and even the apps we use aren't always safe. Last month we learned a previously safe Android screen recorder app was updated with malicious functions which turned it into spyware.

Sign up for What's New Now to get our top stories delivered to your inbox every morning.

This newsletter may