Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

FBI: Home Surveillance Devices Hacked to Record Swatting Attacks

A warning issued this week by the FBI warns owners of smart home devices with voice and video capabilities that these types of systems have been targeted by individuals who launch so-called “swatting” attacks.

A warning issued this week by the FBI warns owners of smart home devices with voice and video capabilities that these types of systems have been targeted by individuals who launch so-called “swatting” attacks.

Swatting is a hoax where someone tricks emergency services into deploying armed law enforcement to a targeted individual’s location by claiming there is a life-threatening situation. These types of pranks are not uncommon, but they can result in lengthy jail sentences for the pranksters.

The FBI warned in an alert issued on Tuesday that swatters have been hijacking home surveillance and other types of devices with audio and video capabilities to watch their victims while they are being swatted. In some cases, the prankster also live-streams the video and engages the law enforcement responders.

“Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks,” the FBI said.

The agency has been working with the manufacturers of the targeted devices to warn customers about the threat and provide them with recommendations on how to avoid having their devices hacked.

“The FBI is also working to alert law enforcement first responders to this threat so they may respond accordingly,” the agency noted.

The FBI has advised users to enable two-factor authentication (2FA) for internet-accessible devices. However, given that the attackers rely on stolen email credentials to hijack surveillance devices, the FBI advises against using a secondary email account for the second factor, and instead recommends the use of a mobile device number. Cybersecurity professionals and even NIST have long urged users to stop relying on SMS-based 2FA.

Advertisement. Scroll to continue reading.

Related: CISA, FBI Alert Warns of Vishing Campaign

Related: FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure

Related: FBI Warns of Spoofed FBI-Related Domains

Related: FBI Warns of Auto-Forwarding Email Rules Abused for BEC Scams

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.