A warning issued this week by the FBI warns owners of smart home devices with voice and video capabilities that these types of systems have been targeted by individuals who launch so-called “swatting” attacks.
Swatting is a hoax where someone tricks emergency services into deploying armed law enforcement to a targeted individual’s location by claiming there is a life-threatening situation. These types of pranks are not uncommon, but they can result in lengthy jail sentences for the pranksters.
The FBI warned in an alert issued on Tuesday that swatters have been hijacking home surveillance and other types of devices with audio and video capabilities to watch their victims while they are being swatted. In some cases, the prankster also live-streams the video and engages the law enforcement responders.
“Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks,” the FBI said.
The agency has been working with the manufacturers of the targeted devices to warn customers about the threat and provide them with recommendations on how to avoid having their devices hacked.
“The FBI is also working to alert law enforcement first responders to this threat so they may respond accordingly,” the agency noted.
The FBI has advised users to enable two-factor authentication (2FA) for internet-accessible devices. However, given that the attackers rely on stolen email credentials to hijack surveillance devices, the FBI advises against using a secondary email account for the second factor, and instead recommends the use of a mobile device number. Cybersecurity professionals and even NIST have long urged users to stop relying on SMS-based 2FA.