Dangerous pranksters are tapping into home security cameras and similar smart-home devices to watch the results of "swatting" attacks, the FBI warned in a public service announcement (opens in new tab) last week.
"The offenders use stolen email passwords to log into the smart device and hijack features, including the live-stream camera and device speakers," the FBI announcement said.
- The best home security cameras
- Millions of security cameras at risk of being hacked: What to do
- Latest: Adobe Flash is officially dead — what to do now
The FBI wasn't clear whether the intruders were using the cameras to call police, a capability that some home security cameras have, or just using the cameras to watch what happened after 911 calls are placed by telephone.
The perpetrators "then call emergency services to report a crime at the victims' residence," the FBI added.
"As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms."
How to protect your security camera
Almost all security-camera "hacks" are the result of camera owners reusing passwords for other accounts or using weak passwords that were easy to guess. The FBI confirmed that this is the primary reason for these new incidents.
The best way to avoid becoming a victim of this new twist is to make sure you have a strong, unique password for the account connected to your security camera, video doorbell, baby monitor or other internet-connected fixed camera. One of the best password managers will go a long way toward keeping your passwords straight.
The FBI also recommended that security-camera owners use two-factor authentication (2FA) on their accounts so that the cameras can't be hijacked even if an intruder gets the password. Ring and Nest are among the security-camera and video-doorbell providers that offer 2FA.
What is 'swatting'?
"Swatting" is the term for reporting a bogus hostage situation or other potentially violent incident at someone else's house, with the result that heavily armed police officers — in other words, a SWAT team — show up prepared for a shootout. The prankster often uses telephone-number "spoofing" software to make it seem like emergency calls are coming from the victim's phone.
Online gamers and other knuckleheads have been using swatting to harass people for many years, but this is the first time that we've heard of smart-home devices being used to view the aftermath.
In most swatting cases, no one gets hurt. But in 2017, a Kansas man was killed by police as the result of swatting that stemmed from an argument between three online game players whom the victim didn't know.
Two years earlier, an Oklahoma police officer was shot and wounded by a home's resident after another man posed as the resident and made bomb threats.