You’ve got mail: US Army personnel receive suspicious smartwatches


The US Army Criminal Investigation Division (CID) says that service members shouldn’t turn on smartwatches they’ve recently received in the mail – they may contain malware.

Reports have recently emerged that the US Army is considering wearable devices in order to improve performance or simply track a soldier’s activity on operations or in training.

The US Army Development Command (DEVCOM), in partnership with the US Army Medical Research and Development Command (MRDC) is actually running two science and technology (S&T) projects to assess the viability of using wearable devices to gather data about troops' wellbeing.

However, such plans apparently come with risks. The US Army CID said in a security alert that some service members have received unsolicited D18 smartwatches in the mail.

According to the agency, the smartwatches auto-connected to WiFi networks and cell phones without notifying their users. The CID said the wearables could contain malware which in turn could be used to harvest data, record conversations, or access data from connected devices.

“Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches,” the alert said.

However, the CID conceded another, seemingly less dangerous possibility – that the smartwatches were used for brushing.

“This is the practice of sending products, often counterfeit, unsolicited to seemingly random individuals via mail in order to allow companies to write positive reviews in the receiver's name allowing them to compete with established products,” said the agency.

It asked US Army service members who have received the smartwatches to refrain from turning the devices on and to report them.

Bitdefender, a cybersecurity company, reported back in 2021 that more security risks were emerging thanks to an increase in the use of wearable devices. The gadgets store growing volumes of personal data and are in many cases connected to corporate resources.

Some wearable devices have proximity-based vulnerabilities, and can be used by cybercriminals to harvest account information. Bad actors can take advantage of point-to-point networking, Wi-Fi networks, and other access methods to exploit wearables as entry points, Bitdefender said.