The Internet of Things (IoT) has become an easy target for threat actors. The rise of connected devices in our daily lives, combined with unpatched flaws in them, has created a security blind spot. Cybercriminals can launch a zero-day attack to break into internet-connected devices like webcams, smart TVs, and other smart home gadgets. The FBI recently issued a warning to IoT device users after cybercriminals targeted residents with swatting attacks by exploiting smart cameras and voice-capable smart devices. The agency urged users to use strong passwords and enable two-factor authentication for their connected devices to protect against increasing swatting attacks.
What is a Swatting Attack?
In swatting attacks, the offenders make fake calls to emergency services like law enforcement and the S.W.A.T. team and share false information about the victim’s location. Malicious actors often use swatting as a form of revenge, harassment, or a prank, sometimes with potentially deadly consequences.
“Offenders often use spoofing technology to anonymize their phone numbers to make it appear to first responders as if the emergency call is coming from the victim’s phone number. This enhances their credibility when communicating with dispatchers,” the FBI said.
To obtain access to connected devices, offenders misuse users’ stolen e-mail passwords or exploit users who reuse the same passwords. Once a device is compromised, malicious actors take control of device features such as the live-stream camera and voice assistant.
How to Defend
The FBI urged users of smart home devices to be vigilant and advised them to follow certain measures to maximize IoT device security. These include:
- Because offenders are using stolen email passwords to access smart devices, users should practice good cyber hygiene by ensuring they have strong, complex passwords or passphrases for their online accounts, and should not duplicate the use of passwords between different online accounts. Users should update their passwords regularly.
- Users should enable two-factor authentication for their online accounts and all devices accessible through an internet connection to reduce the chance a criminal could access their devices.
- Users should also enable two-factor or multi-factor authentication with a mobile number, and not with a secondary e-mail account.