The US Federal Bureau of Investigation (FBI) is warning that some users of smart home devices with cameras and voice capabilities had fallen victim to swatting attacks, after offenders used stolen e-mail passwords to access those devices.

Swatting describes a hoax call made to emergency services, typically reporting an immediate threat to human life, to draw a response from local law enforcement and the S.W.A.T. team at a specific location. Swatting attacks involving smart home devices highlight the need for consumer education regarding cybersecurity and open the door for broadband service providers to tout their cybersecurity services.

Perpetrators often use spoofing technology to anonymize their own phone number to make it appear to first responders as if the emergency call is coming from the victim’s phone.

Swatting and home surveillance equipment

This new version of swatting adds a twist with offenders using purloined passwords to access home surveillance equipment, enabling them to view live stream footage of the S.W.A.T. event from home cameras and engage with first responders through the cameras and speakers. Swatters, who are often motivated by revenge or the desire for bragging rights, might also live stream the incident on shared online community platforms.

The FBI wants law enforcement and the general public to be aware of this new wave of swatting attacks. People with home surveillance and other devices with cameras and microphones should use unique, complex passwords for them along with two-factor authentication to prevent cyber-intruders from taking over their connected devices. Users should also routinely change their device passwords. The FBI is collaborating with original equipment manufacturers (OEMs) of smart devices to inform customers about this scheme and instruct them on how to protect themselves.

The menace should be taken seriously by consumers and OEMs. If a particular brand of surveillance device becomes identified with a major swatting incident in which someone is harmed or killed, there could be repercussions for the OEM, which is why it behooves device makers to educate their customers about this issue.

Broadband service providers have a role to play as well by encouraging their subscribers to take advantage of cybersecurity services designed to protect a home’s connected devices. Network security products that are designed to block remote access to connected devices by unknown or dangerous sources and which also monitor devices in real time might potentially deflect or detect a swatting incursion.