FBI: Hackers are using your smart-home devices to call the cops on you

Three heavily armed police officers in quasi-military gear.
(Image credit: Getmilitaryphotos/Shutterstock)

Dangerous pranksters are tapping into home security cameras and similar smart-home devices to watch the results of "swatting" attacks, the FBI warned in a public service announcement last week.

"The offenders use stolen email passwords to log into the smart device and hijack features, including the live-stream camera and device speakers," the FBI announcement said. 

The FBI wasn't clear whether the intruders were using the cameras to call police, a capability that some home security cameras have, or just using the cameras to watch what happened after 911 calls are placed by telephone.

The perpetrators "then call emergency services to report a crime at the victims' residence," the FBI added. 

"As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms."

How to protect your security camera

Almost all security-camera "hacks" are the result of camera owners reusing passwords for other accounts or using weak passwords that were easy to guess. The FBI confirmed that this is the primary reason for these new incidents.

The best way to avoid becoming a victim of this new twist is to make sure you have a strong, unique password for the account connected to your security camera, video doorbell, baby monitor or other internet-connected fixed camera. One of the best password managers will go a long way toward keeping your passwords straight.

The FBI also recommended that security-camera owners use two-factor authentication (2FA) on their accounts so that the cameras can't be hijacked even if an intruder gets the password. Ring and Nest are among the security-camera and video-doorbell providers that offer 2FA.

What is 'swatting'?

"Swatting" is the term for reporting a bogus hostage situation or other potentially violent incident at someone else's house, with the result that heavily armed police officers — in other words, a SWAT team — show up prepared for a shootout. The prankster often uses telephone-number "spoofing" software to make it seem like emergency calls are coming from the victim's phone.

Online gamers and other knuckleheads have been using swatting to harass people for many years, but this is the first time that we've heard of smart-home devices being used to view the aftermath.

In most swatting cases, no one gets hurt. But in 2017, a Kansas man was killed by police as the result of swatting that stemmed from an argument between three online game players whom the victim didn't know. 

Two years earlier, an Oklahoma police officer was shot and wounded by a home's resident after another man posed as the resident and made bomb threats.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.