top of page
Staff

Unsolicited Smartwatches Raise Cybersecurity Red Flags in U.S. Military

Unexpected shipments of smartwatches, capable of automatic connection to cellular networks and Wi-Fi and accessing user information, are being received by members of the U.S. military, triggering cybersecurity alarm bells.


The Army's Criminal Investigation Division (CID) issued a warning last week that these devices could potentially harbor malware. The covert sender of these smartwatches might gain "access to saved data, such as banking details, contact lists, and login credentials," the CID said.


An alternative explanation might be a non-malicious but deceptive marketing tactic known as 'brushing,' where online sellers artificially boost their ratings through fraudulent orders and reviews.


The exact number of smartwatches distributed remains undisclosed by the CID, a standalone federal law enforcement body comprising thousands of personnel.


Wearable tech and app downloads have often conflicted with national security interests where maintaining secrecy is crucial. Smartwatches record personal and location data, and can also record audio, often without a reliable user verification method.


In 2018, The New York Times reported that Strava, a fitness tracking app inadvertently disclosed the locations and routines of military bases and personnel, including U.S. forces in the Middle East. Similarly, in 2020, Bellingcat found that military and intelligence personnel could be traced via Untappd, a beer-review social network.


The CID advises any military personnel who receive an unrequested smartwatch to refrain from activating it and instead, report it to a counterintelligence or security official.

bottom of page