US Military Personnel Warned of Malicious Smartwatches

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Service members across the US military have reported receiving smartwatches unsolicited in the mail. 

These smartwatches have Wi-Fi auto-connect capabilities and can connect to cell phones unprompted, gaining access to user data.

According to the US Criminal Investigation Division (CID), the smartwatches may also contain malware granting the sender access to saved data, including banking information, contacts and account information such as usernames and passwords. 

Additionally, the presence of malware could enable unauthorized access to voice and camera functions, potentially compromising conversations and accounts linked to the smartwatches.

Read more on this type of malware: SpinOk Trojan Compromises 421 Million Android Devices

Officials have raised concerns that these products may be part of a tactic known as Brushing, which involves sending products, often counterfeit, to unsuspecting individuals in order to generate positive reviews in their name.

In response to the reports, CID urged recipients of unsolicited smartwatches to take immediate action.

“Do not turn the device on. Report it to your local counterintelligence, security manager, or through our Submit a Tip – Report a Crime reporting portal,” CID warned last week.

According to Melissa Bischoping, director of endpoint security research at Tanium, the technique is akin to attackers leaving random malicious USB devices around for curious victims to plug in.

“This ‘surprise smartwatch’ tactic leverages the same human curiosity and grants a threat actor access to some of your most sensitive personal information,” Bischoping added.

“As the adage goes, if it’s too good to be true, it probably is, and if you’re not paying for the product, you are the product.”

Gareth Lindahl-Wise, CISO at Ontinue, echoed Bischoping’s point, saying the dangers of fitness trackers disclosing the location of military personnel and installations were seen towards the end of the Afghan conflict.

“A wealth of personal information, such as emails, chats, location and banking information could be exposed […] which could lead to personal and corporate account compromise. These unsolicited ‘goodies’ must be reported and dealt with appropriately.”

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
How technology drives progress – A Q&A with Nobel laureate Michel Mayor
US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet
Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

Leave a Reply

Your email address will not be published. Required fields are marked *