A new smartwatch appears mysteriously in the mail, what could go wrong?

According to the Department of the Army Criminal Investigation Division, a lot. It seems service members have been receiving unsolicited smartwatches in the mail.

When activated, these watches attempt to auto-connect to Wi-Fi and begin trying to connect to cell phones unprompted. Once connected to a smartphone they push malware to the phone which attempts to access saved data such as banking information, contacts, and account information like usernames and passwords. The malware also may try to access both voice and cameras on the phone. In a military context, simply reporting the geolocation of the watch could prove dangerous.

Takeaways:

1. Be careful and deliberate on the access you grant to your smartphone, be that for an application you download or an external device.

2. Beware of strangers bearing gifts

3. Attackers no longer need to hide soldiers in a horse statue and leave it outside the gate, they can stick the Trojan in a watch and mail it.

Source: Department of the Army Criminal Investigation Division

Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.