Hackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI. Swatting is a dangerous prank where emergency services are called to respond to a life threatening situation that requires immediate intervention by police and/or S.W.A.T. teams.
In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.”
“Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences and pulls limited resources away from valid emergencies,” said the FBI in its announcement. “Offenders often use spoofing technology to anonymize their own phone numbers to make it appear to first responders as if the emergency call is coming from the victim’s phone number.”
In the latest wave of attacks, hackers are using credential stuffing, where credentials from previously compromised accounts are used to gain access to internet-enabled smart home devices.
“As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms,” explains the announcement.
While the FBI is currently working with smart home device manufacturers to increase security settings, consumers with camera and voice activated home internet devices are urged to update their passwords, enable multi-factor authentication, and practice good cyber hygiene.