“A alert released by the FBI this week alerts smart home device owners with voice and video capability that people who conduct so-called “swatting” attacks have attacked these types of devices.
Swatting is a scam in which someone fools emergency responders into sending armed law officers to the location of a threatened party by pretending a life-threatening situation occurs. These kinds of pranks are not rare, but for the pranksters, they will result in long prison terms.
In an alert released on Tuesday, the FBI warned that swatters were hijacking home surveillance and other forms of audio and video equipment to watch their victims as they are being swatted. The prankster also live-streams the video in some instances and engages the law enforcement responders.
“Manufacturers of smart home devices recently notified law enforcement that criminals have used stolen e-mail passwords to access and perform swatting attacks on smart devices with cameras and voice capabilities,” the FBI said.
The agency has worked with the targeted device manufacturers to warn customers of the threat and provide them with recommendations on how to avoid hacking their devices.
“The FBI is also working to alert first responders from law enforcement to this threat so that they can respond accordingly,” the department said.
To enable two-factor authentication (2FA) for internet-accessible devices, the FBI has advised users. However, because criminals rely on compromised email addresses to hijack surveillance equipment, the second consideration is that the FBI advises against using a secondary email address, and instead suggests using a number for a mobile computer. Professionals in cybersecurity and even NIST have long advised consumers to stop relying on 2FA based on SMS.