
Do unsolicited smartwatches now spy on military personnel?

The Department of the Army Criminal Investigation Division (CID) reports that members of the armed services have been receiving free and unsolicited smartwatches. These smartwatches appear either to have had their internal firmware tampered with or to be running firmware written specifically for spying. When the watch is powered on, Wi-Fi and smartphone connections are used to extract personal information, including passwords, bank details, and location. The CID further speculates that multimedia services (voice/camera) may also be compromised.
On closer reading of the CID’s concerns, it’s unclear whether this is targeted espionage or a marketing tactic called “brushing,” whereby the sender can write positive product reviews by using a real delivery address for an order the recipient never placed.
Readers might be reminded of a 2018 story in which Strava was revealed to have unwittingly allowed foreign actors to gain some access to personnel movements around military bases via its heatmap feature.