Posted on December 31, 2020 at 3:18 PM
FBI recently published a warning that hackers are targeting smart home device users’ security systems with the aim of hijacking them and conducting swatting.
The holiday season has in full swing, but that doesn’t stop the hackers from conducting their attacks all over the world. One of their campaigns seems particularly dangerous, as even the US FBI decided to issue a warning about it.
According to the Federal Bureau of Investigation, online criminals are taking over people’s smart home security systems and other devices by using stolen email passwords. In doing so, they can live stream swatting incidents.
The issue was reported to the FBI recently by smart home device manufacturers, themselves. The FBI warning came soon after that.
The FBI noted that, recently, offenders started using smart devices of their victims, including home surveillance devices capable of capturing video and audio alike. The goal behind the campaign is to carry out swatting operations.
What are swatting attacks?
Simply put, swatting is a hoax call to emergency services. Such attacks result in S.W.A.T. teams being called to the home of the victim, after receiving a fake report of a threat to human life.
The method was meant to protect people and help stop dangerous criminals who might try to invade the homes of innocent citizens. Instead, hackers are hijacking these systems to conduct pranks, which do not only result in confusion and potential property damage, but can even be deadly. Not to mention that doing so may prevent people who truly need help from receiving it in time.
FBI added that swatting can be motivated by a variety of things. Hackers may do it to take revenge on someone who wronged them at some point, or simply to harass someone for whatever reason. The most common reason is a simple desire to conduct a prank, as mentioned.
However, doing it for any reason is not only a serious crime, but can even pose a threat to human life.
How are hackers doing it?
According to the FBI, the hackers are taking advantage of those smart home device users who tend to use the same passwords for multiple accounts. Essentially, hackers would obtain passwords that were leaked in previous breaches, regardless of which companies got hacked.
Then, they would use those same stolen credentials to try and hack smart devices. If the user used the same password as for their account at the company that was hacked, hackers would be able to access the smart device, as well.
The warning notes that offenders are believed to use spoofing technology, which anonymizes phone numbers. Then, they would call law enforcement, and report crimes at the address of their victim. They would even make it seem like the call is coming from the victim’s own phone number.
They would then watch the arrival of the police through the hacked devices. In some cases, hackers even live-streamed the incident in order to share it on online community platforms.
What can you do about it?
According to the FBI, users need to prevent hackers from taking over their devices at all costs. The best way to do so is to change their default password, and not use a password that they have already used somewhere else.
The new password should be strong, and complex, or even an entire passphrase. Furthermore, passwords/passphrases should be regularly updated, and never duplicated or repeated.
This is something that should be a regular practice for all online accounts of all internet users, as it is the only safe way to keep the hackers unable to hijack accounts.
Lastly, it is also a good idea for users to enable two-factor authentication. This would allow users to add their phone number to their account, and have the system send a code any time someone tries to log into their accounts.
This should prevent most hackers from hacking the account, while it would also notify the user that someone is trying to log in, at the same time.