Hackers Using Smart Home Devices To Live Stream Swatting Attacks
The US FBI (Federal Bureau of Investigation) recently stated that the attackers have now started to take control over smart home devices and security systems via breached emails and passwords and are using them to live stream the Swatting events.
Swatting is a hoax call (a call made to trick someone for malicious purposes) made to the emergency service authorities to call the S.W.A.T. team to one’s home by informing a sudden threat to human life.
The US FBI has issued a PSA (Public service announcement) in which the FBI stated that “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks”. The PSA was issued by the FBI right after the smart home device manufacturers noticed the issue and explained it to the responsible authorities. The FBI also believes that the Swatting could be considered a prank for attackers, a form of revenge or harassment but is considered a crime and can have heavy damaging consequences.
Attackers were able to take control of smart home devices by using emails and passwords that were leaked in a data breach in some other company and are still being used by the user. Using email credentials, the hacker or the attacker logs in and takes control of the smart home devices including their speakers and cameras for live streaming.
Once the attackers gain control of the user’s smart home devices, they use the spoofing technique to report the threat at the specified victim’s residence. Attackers are capable of making the call look like it is coming directly from the victim’s phone number even though it is being executed by the attacker. Attackers then watch the intervention footage live and also engage with the S.W.A.T. team at times via speakers. The FBI believes that the attackers share the footage or telecast it live on various shared community platforms.
The FBI in the PSA informs users that the threat actors are using the breached email credentials and so all should try to maintain cyber hygiene by making sure to use complex passwords or strong paraphrases for their online accounts. To be extra careful and safe users should try to update passwords regularly. FBI also advised users to use or enable two-factor or multi-factor authentication and that too with a mobile number not using an extra email as your backup. This may decrease one’s chances of being a victim of such incidents and increasing safety to their accounts and smart home devices. The FBI then finally asks everyone that if anyone has been a victim of any form of compromise of credentials or devices should file a report against such threat actors.
If you like this article, follow us on Twitter, Facebook, Instagram, and Linkedin.