Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a myriad of user data.
These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords.
Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches.
These products may also be used for Brushing. This is the practice of sending products, often counterfeit, unsolicited to seemingly random individuals via mail in order to allow companies to write positive reviews in the receiver's name allowing them to compete with established products.
What to do if you receive one of these devices:
- DO NOT turn the device on.Report it to your local counterintelligence, security manager, or through the Submit a Tip - Report a Crime reporting portal.