CID Warns Soldiers About Suspicious Smartwatches in the Mail
BLUF
Smartwatches have become increasingly popular in recent years, offering a convenient way to stay connected, track aspects of our lives such as health, set alarms, and increase productivity through reminders. However, it is important to be aware of potential risks associated with these devices. In a recent development, the US Army’s Criminal Investigation Division (CID) has issued a warning to service members about unsolicited smartwatches arriving in the mail. These devices not only carry the risk of malware but also pose a threat of unauthorized access to sensitive systems. In this article, we will explore the implications of this warning and discuss measures that can be taken to mitigate these cybersecurity risks.
- Introduction
- What is the US Army’s Criminal Investigation Division (CID) warning about?
- Who Is Affected by the Alert?
- What are the potential risks of unsolicited smartwatches?
- How can service members protect themselves from these cybersecurity risks?
- Steps to Take if You Receive a Suspicious Smartwatch
- How can manufacturers and authorities address this issue?
- Conclusion
Introduction
The US Army Criminal Investigation Division (CID) has issued an alert to service members, warning them of suspicious smartwatches arriving in the mail. With the prevalence of IoT devices, these watches are likely more than just timepieces and could open up military personnel to malware and unauthorized access to sensitive systems. The CID alert, which was issued in late May, is raising awareness of the potential risks associated with these watches and encouraging service members to take necessary precautions. In their statement, the CID mentioned that “often times, malicious actors will use relatively inexpensive items, such as a smartwatch, as a rudimentary reconnaissance tool to gain access to sensitive information and military installations.”
The US Army is one of many organizations that have recently been raising awareness of cybersecurity threats posed by IoT devices. However, the arrival of suspicious smartwatches in the mail may be one of the first tangible threats to military personnel. With the ability to remotely monitor activity, including data transmissions, and potentially act as a communication interceptor, these devices represent an alarming risk and require an appropriately serious response.
The CID has warned service members not to open, plug in, or interact with the watches in any way and to submit them to their security office. This is the most reasonable action for military personnel to take to ensure their safety and the security of sensitive information. The US Army CID’s alert serves as an important reminder of the potential risks of IoT devices and the need to remain vigilant in order to keep oneself and one’s organization secure from malicious actors.
What is the US Army’s Criminal Investigation Division (CID) warning about?
The US Army’s Criminal Investigation Division (CID) recently issued an alert to service members, warning them of unsolicited smartwatches arriving in the mail. The CID’s statement warned that the watches could be used as a reconnaissance tool to gain access to sensitive information and military installations. These smartwatches are believed to carry risks of malware and unauthorized access to sensitive systems. In response to this alert, the US Army is encouraging service members to take the appropriate precautions. The warning, which was issued in late May, is an important reminder for military personnel to remain vigilant about potential cyber threats posed by IoT devices. Suspicious smartwatches represent an alarming risk, as they can be used to remotely monitor data transmissions and act as a communication interceptor. With apps routinely monopolizing permissions, every soldier and civilian is automatically exposed to a cybersecurity risk.
Who Is Affected by the Alert?
The US Army alert applies to all service members who have received or may receive suspicious smartwatches in the mail. The CID is encouraging service members to be aware of the potential risks of these devices and to submit them to their security office immediately if they receive one. The alert also applies to organizations outside of the military that use or interact with IoT devices. The US Army CID’s warning serves as an important reminder of the potential risks and the need to remain vigilant to keep oneself and one’s organization secure from malicious actors.
What are the potential risks of unsolicited smartwatches?
Unsolicited smartwatches pose several potential risks. Firstly, they may be embedded with malware, which can compromise the security and privacy of the user’s personal information. This malware can potentially steal sensitive data or gain unauthorized access to the user’s connected devices. Secondly, these smartwatches can provide a pathway for unauthorized individuals to gain access to sensitive systems, which can have serious consequences, especially for military personnel.
How can service members protect themselves from these cybersecurity risks?
To protect themselves from the risks associated with unsolicited smartwatches, service members can take the following measures:
- Avoid accepting or using unsolicited smartwatches: It is crucial to be cautious when receiving packages, especially if they contain smartwatches that were not requested. If you receive an unsolicited smartwatch, do not use or activate it.
- Report the incident: If you receive an unsolicited smartwatch, report it to the appropriate authorities within your organization, such as your S2 (Intel and Security) and S6 (Information Technology and Signal) or your chain of command to include your Commanding Officer (CO). This will help raise awareness and potentially prevent others from falling victim to similar risks.
- Ensure device security: For individuals who already own a smartwatch, it is essential to keep the device’s software and firmware up to date. Regularly check for security updates and install them promptly to minimize vulnerabilities.
- Be cautious of third-party apps: Exercise caution when downloading and installing third-party applications on your smartwatch. Stick to trusted sources such as official app stores and carefully review the permissions requested by each app.
Steps to Take if You Receive a Suspicious Smartwatch
If you receive a suspicious smartwatch in the mail, the US Army CID advises that you not open, plug in, or interact with the device in any way. Instead, you should submit the device to your security office immediately. This is the most reasonable action to take in order to protect yourself and the security of sensitive systems. In addition to submitting the device to your security office, you should also be sure to educate yourself on the potential risks associated with these devices and be mindful of suspicious activity. This includes being aware of any unusual data transmissions and taking the time to read through the privacy policies and terms of service of any devices you interact with.
Cybersecurity Risks in Mobile Applications Permissions
Mobile app permissions grant access to data and resources outside of the application sandbox, posing a potential threat to the user’s data, the system, and other applications. When an application requests a dangerous permission in its manifest, the user must explicitly grant the permission. It is worth noting that the average person has over 40 applications downloaded on their devices, each requesting multiple permissions upon installation, not all of which are necessarily needed. For example, the common map application will need to use your location for navigation, but does not need access to your contacts or call log. Unfortunately, many users mindlessly grant permissions without taking the time to understand what they entail. However, this casual approach to security is incredibly risky when it comes to using your phone.
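To make the map-application case concrete, the following added example (not part of the original article or any CID guidance) reads an Android manifest and separates dangerous permissions the app plausibly needs from those it does not. The manifest, the package name `com.example.maps`, and the `EXPECTED_FOR_MAPS` allowlist are constructed assumptions; `DANGEROUS` is only a subset of Android's dangerous permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android permissions whose protection level is "dangerous"
# (the user must explicitly grant them).
DANGEROUS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
}

# Assumption: a navigation app only needs location among the dangerous set.
EXPECTED_FOR_MAPS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}

# Constructed sample manifest for a hypothetical map application.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.maps">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.READ_CALL_LOG" />
  <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO" />
  <application android:label="Example Maps" />
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission name declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, expected):
    """Split requested permissions into justified, excessive and normal."""
    requested = requested_permissions(manifest_xml)
    dangerous = requested & DANGEROUS
    return {"justified": sorted(dangerous & expected),
            "excessive": sorted(dangerous - expected),
            "normal": sorted(requested - DANGEROUS)}

if __name__ == "__main__":
    for bucket, perms in audit(SAMPLE_MANIFEST, EXPECTED_FOR_MAPS).items():
        print(bucket, perms)
```

The `excessive` bucket is the list to question before granting access: contacts, call log and microphone for an app whose function only requires location.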
Many social media applications liberally vacuum up a laundry list of permissions from the average user, including location, contacts, camera, phone, Bluetooth, photos, speaker, microphone, and more. There is a great cybersecurity article on mobile app privacy nutrition labels by Ben Lovejoy of 9to5Mac. Here is a comparison of app permissions requested between iMessage and WhatsApp:
By carelessly sharing application permissions, users expose themselves to potential privacy breaches and unauthorized access. It is crucial for users to be aware of the potential dangers associated with granting permissions and to exercise caution when interacting with apps that request sensitive access to their personal data.
Remember, you are the product. Every time you use WhatsApp, you are exchanging a majority of your online identity and communications with Meta for the joy of being social. In turn, Meta can use your data against you for marketing, sell it to data brokers or foreign countries, have it stolen in the next data breach, or even provide it to law enforcement without your knowledge.
How can manufacturers and authorities address this issue?
Manufacturers can play a significant role in preventing the distribution of unsolicited smartwatches. They should implement stricter controls on the sale and distribution of their products to reduce the risk of unauthorized devices reaching consumers. Additionally, authorities should work closely with manufacturers to identify and take legal action against individuals or organizations involved in the production and distribution of these unsolicited devices.
Conclusion
While smartwatches offer great convenience and functionality, it is crucial to be aware of potential cybersecurity risks associated with these devices. The recent warning from the US Army’s CID regarding unsolicited smartwatches emphasizes the need for vigilance and caution among service members. By following the suggested measures and being mindful of device security, it is possible to mitigate the risks posed by unsolicited smartwatches. As technology continues to advance, it is essential for individuals, manufacturers, and authorities to work together to ensure the safety and security of smartwatch users.
Sources / Credit
- Photo Credit: Envato Elements
- Photo Credit: Forbes
- US Army’s Criminal Investigation Division. 2023. Modern War Institute. June 15. https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/