Dec. 31 (UPI) — The Federal Bureau of Investigation warned Thursday of a risk of smart home devices with cameras and voice capabilities being hacked for “swatting” incidents.
The FBI warned users of such devices in a public service announcement to enable two-factor authentication on the devices to help protect against “swatting” attacks from offenders using stolen email passwords to hack into them.
“Users should enable two-factor authentication for their online accounts and on all devices accessible through an Internet connection in order to reduce the chance a criminal could access their devices,” the public service announcement read. “It is highly recommended that the user’s second factor for two-factor or multi-factor authentication be a mobile device number and not a secondary email account.”
Swatting is a hoax 911 call usually reporting an immediate threat to human life to get law enforcement and special weapons and tactics team to respond to a specific location, according the FBI. It may be motivated by revenge, harassment or a prank, but it may also pull law enforcement’s attention away from real emergencies, confuse homeowners and officers, and potentially have deadly consequences.
“Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks,” the PSA read. “To gain access to the smart devices, offenders are likely taking advantage of customers who re-use their email passwords for their smart device. The offenders use stolen email passwords to log into the smart device and hijack features, including the live stream camera and device features.”
“As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police though cameras and speakers,” the FBI added. “In some cases, the offender also live streams the incident on shared online community platforms.”
The FBI also advised users of smart home devices with cameras or voice capabilities to use “strong, complex passwords,” and not duplicate passwords between different online accounts.
The first known live-streamed swatting incidents date back to the mid-2010s, but the devices back then weren’t being hacked, ZDNET reported.
Offenders have used “spoofing technology” to make it look like the call is coming from the victim’s phone number, according to the FBI public service announcement.
The FBI is working with device manufacturers to advise customers about the new scheme and how to avoid being victimized, along with working with law enforcement first responders. Device manufacturers recently notified law enforcement of offenders using stolen email passwords for the swatting attacks.