The F.B.I. is warning users to use strong credentials to prevent their smart devices from being used during swatting attacks.
The U.S. Federal Bureau of Investigation (F.B.I.) issued a warning to inform that cybercriminals are hijacking internet-connected devices and using them to live stream swatting attacks. Their prime targets are owners of smart devices with voice and video capabilities using weak login protections or default credentials.
What is a Swatting Attack?
Swatting refers to making a hoax call to emergency services, such as reporting a threat to human life, to draw S.W.A.T. team or emergency responders’ responses to a particular location. This creates confusion among the responding officers and homeowners and often results in devastating and even violent consequences and deprives the department of the already limited resources required to deal with genuine emergencies.
Swatting could be used as a form of harassment or a prank and to take revenge. Regardless of what motivates an individual to commit swatting, it is a crime with drastic repercussions. In 2017, an innocent man was shot dead by a police officer after a Call of Duty gamer pranked authorities into giving the fake address of a 28-year-old father.
How are Swatters Targeting Smart Devices?
Swatters are exploiting home surveillance smart devices with built-in voice and video functions to carry out such attacks. They easily target those devices with weak or default login credentials since many users choose to reuse their email passwords for their smart devices. Swatters use stolen email passwords to access the smart device and use the device speakers and camera for live-stream.
After compromising the device, the offenders call emergency services using the victim’s residence as the location to report a crime. When the officers reach the place, the offender watches the footage via the smart device’s live stream feature and communicates with the police using the speakers. They sometimes livestream the entire incident on shared online platforms.
Here are some examples of how swatting works:
In a security advisory, the Bureau said that:
The FBI urges anyone who believes they may have been victimized to make a police report. If you believe your e-mail or other smart device credentials were compromised, you should report the incident at www.ic3.gov.
How to Protect your Smart Devices from Swatters?
The F.B.I. has urged users to keep complex and unique passwords and enable 2FA authentication to prevent their devices from swatters. Users’ two-factor authentication or multi-factor authentication must be a mobile device instead of an email I.D.
To maximize security, users of smart home devices with audio/video capability must secure their online accounts with stronger passphrases and avoid using duplicate passwords for different accounts. Furthermore, they must update their passwords for all the accounts regularly.