The Federal Bureau of Investigations (FBI) warned in a public service announcement this week that pranksters are hacking home security systems and using them to place fake calls to emergency services. The dangerous prank, called “swatting,” is being carried out with stolen login credentials, the FBI says.
“Smart home device manufacturers recently notified law enforcement that offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks,” the PSA reads. The FBI does not elaborate on which company (or companies) warned them of the attacks.
The FBI gives sound advice for security camera owners in its PSA: enable two-factor authentication methods and use passwords that aren’t easy to guess. It would also be easier to stay safe if we had any idea which company's devices are being hacked, too, of course.
Swatting? — The “prank” in question is dangerous and often used for explicit harassment. Essentially, the attacker hacks into a home security system and then places an emergency call using the system’s built-in mechanisms for doing so. Because the call is made from the home itself, it’s often seen as more credible by emergency authorities, who therefore take the call seriously.
The real kicker is that, because of the hacked security system, the attacker can watch while the prank unfolds in real-time. Sometimes the attacks are livestreamed on the internet, too, according to the FBI.
How secure is your security? — It’s pretty horrifying that enough of these attacks have been carried out that the FBI thought it necessary to release a PSA like this — vague as it is — but we can’t say we’re surprised by it.
The last year or so has proven that, despite their purpose as security devices, internet-connected camera systems often do more harm than good. The list of potential dangers is long and unfortunate: deliberate harassment, revealing network traffic, and spontaneous combustion are only the tip of the iceberg.
Just one more thing — The FBI’s warning is made all the more ominous by one very important exclusion: the name of whichever company saw this happening regularly enough to warn the FBI about it. It’s apparent from this PSA that many of the anonymous company’s devices have been compromised — and by staying anonymous the company effectively avoids culpability for what appears to be a widespread hack.
According to the PSA, various smart camera manufacturers will be working with the FBI to “advise customers about the scheme and how to avoid being victimized.” It’s unclear whether or not the company that alerted the FBI to this scheme will be involved in disseminating that information. We certainly hope so.