Cybercrime , Endpoint Security , Fraud Management & Cybercrime
FBI Warns Of Swatting Attacks Targeting Smart Home Devices
Hackers Use Stolen Email Credentials to Takeover a Home Smart DevicesThe FBI is warning of a rise in "swatting attacks,"' which see hackers use compromised email accounts to access poorly-secured home smart devices that are equipped with cameras and voice capabilities to make hoax calls to emergency services.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
The FBI reports the offenders gain access to the smart devices by using stolen email passwords and then target customers who do not practice good cyber hygiene and re-use those passwords on their home smart devices. The attackers use these email credentials to log into a smart device, hijack its features, including the live-stream camera and the device's speakers to make the hoax calls.
"As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms," the FBI reports.
The agency notes it is working with smart home device makers to advise their customers to use complex, unique passwords and two-factor authentication to prevent their devices from being hacked.
"Swatting is a term used to describe a hoax call made to emergency services, typically reporting an immediate threat to human life, to draw a response from law enforcement and the S.W.A.T. team to a specific location," the FBI notes.
Swatting Attacks
The FBI says those implementing swatting attacks differ from financially motivated hackers by being interested in revenge, harassment, or just pranking emergency services.
These threat actors do share one common trait with their money-centric colleagues: the desire to remain anonymous.
The FBI notes the offenders go to great lengths to hide their identities. This includes the use of spoofing technologies to anonymize their phone numbers to make the swatting call look as if it is originating from the victim's phone number, the report says.
This is not the first time the agency has warned about attacks striking smart devices. Last year, it reported that hackers could target IoT-based smart home devices to gain sensitive user data and also to break into homes. The agency added that no more than two devices should be connected to the same network, as the hackers could then compromise the router to gain access to all the connected devices.
This month a report by security firm Forescout revealed that millions of consumer and enterprise IoT devices have software flaws in their TCP/IP stacks that could result in remote code execution, denial of service, or a complete takeover of a device (see: Millions of IoT Devices at Risk From TCP/IP Stack Flaws).