In an age when technology and warfare are inextricably linked, the US military faces an insidious threat – unsolicited smartwatches that come bearing more than just time.
Recent events have revealed a concerning trend. The Department of the Army Criminal Investigation Division reports that military personnel in the United States have been receiving smartwatches in the mail, seemingly out of nowhere.
Despite their small size, these devices are capable of posing a significant cyber threat. They can latch onto cell phones and Wi-Fi networks once activated, sharing a wealth of user data. Personal information, banking information, and sensitive account credentials could all be compromised.
Essential reading: Best fitness trackers and health gadgets
In addition, these smartwatches appear to be part of a larger fraudulent scheme, commonly referred to as “brushing.” This scheme involves shipping unwanted products to unsuspecting individuals with the goal of inflating a seller’s ratings through the fabrication of orders. To fulfill the requirements of e-commerce sites that typically mandate a physical dispatch for a legitimate order, the seller often sends an inexpensive item.
The true scope of this operation is unknown. But it serves as a stark reminder of the ever-changing nature of cybersecurity threats.
These types of risks are nothing new
The risks posed by wearable technology are not new. Smartwatches and similar devices have historically clashed with the need for secrecy in the national security environment. These devices have the potential to record personal and location data as well as audio. The built-in security measures are frequently insufficient for verifying users, leaving the door open to cyber threats.
The 2018 Strava incident is a prime example. Inadvertently, a fitness app that tracked user activity revealed the locations and routines of military bases and personnel. The inclusion extended to American forces stationed in the Middle East. Similarly, in 2020, reports indicated that Untappd, a beer-rating social network, tracked military and intelligence personnel.
The danger extends beyond military personnel. The Pentagon has prohibited deployed personnel from using fitness trackers, smartphones, and certain apps with geolocation features. The Strava incident prompted this decision.
This pattern is also reminiscent of other cybersecurity breaches. The FBI warned US businesses last year about an Eastern European cybercriminal group attempting to hack into various sectors using malicious USB drives. This group focused on the transportation, defence, and insurance industries, emphasising the breadth and sophistication of potential threats.
Considering these threats, it’s strongly advised that military personnel report any unsolicited smartwatches to their local counterintelligence or security manager, without turning them on. The risk stems not only from the immediate threat of data theft, but also from long-term security risks. Foreign intelligence agencies could exploit these devices to amass comprehensive data on individual soldiers and their units. This could be a precursor to more serious security breaches.
Smartwatches of today could be Trojan horses of tomorrow, and the first line of defence is awareness and caution. This is a cautionary tale for everyone, illustrating the vulnerability that technology can cause in our interconnected world. Be very suspicious if you receive a free smartwatch in the mail.
Like this article? Subscribe to our monthly newsletter and never miss out!