Cybercriminals Step Up Smart Home Security Threats

A new year is bringing a fresh crop of cybersecurity threats. The COVID-19 pandemic brought a surge in online attacks in 2020, with cybercrime up 600%. But while most cybercriminals are after money or information, there is a select group that simply wants to wreak havoc.

With that in mind, the FBI recently sent out a warning about the rise in “swatting attacks” targeting users of smart home devices. Swatting is defined as a hoax call made to emergency services, usually reporting an immediate threat to a person, in order to get law enforcement and a S.W.A.T. team to show up at a specific location. Whether it’s done as a revenge tactic, a form of harassment, or a prank, swatting is a serious crime that has resulted in health-related or violent consequences.

The FBI explained that offenders often use spoofing technology to make it look as if the emergency call is coming from the victim’s phone number. In these recent cases, offenders have been using victims’ smart devices, including video- and audio-capable home surveillance devices, to carry out the attacks.

The hackers are most likely taking advantage of customers who re-use their email passwords for their smart devices, which lets the attackers hijack features including the live-stream camera and device speakers. In addition to making the call, the cybercriminal watches the live-stream footage and speaks with the police through the camera and speakers. In some cases, they will even live-stream the incident on online community platforms.

The FBI notes that smart home device manufacturers need to advise their customers to use complex, unique passwords to prevent their devices from being hacked.

“Users should enable two-factor authentication for their online accounts and on all devices accessible through an internet connection in order to reduce the chance a criminal could access their devices,” the agency advised. “It is highly recommended that the user's second factor for two-factor or multi-factor authentication be a mobile device number and not a secondary e-mail account.”