There is a horrible prank that has been in circulation for the last few years whereby a person calls a local police department and reports a terrible crime in progress at a remote address, usually the address of an enemy. Using telephone number spoofing techniques, the call appears to originate from the home of the pranking victim. The police often rush to the scene with weapons drawn, sometimes bringing a full Special Weapons And Tactics (SWAT) Team, as the prankster will report a particularly heinous crime to gain the most severe police response. This has become known as “swatting.” Recent notorious swatting incidents have targeted a popular cybercrime reporter, as well as a female computer game author. This is not an article about protection from the criminals who swat others. Rather, it is about how to avoid swatting oneself. In the new all-things-connected world, we have seen many instances of compromised internet connected webcams, baby monitors, and smart televisions, and other IoT devices. Now, in various locations, you can buy an internet-connected smoke alarm that will notify you if the alarm is triggered. At first impression, the idea that one can be notified via email or text message that the smoke alarm is sounding is wonderful. Once that message is received, the next call that you would probably make is to the local emergency responders, so they can rush to your home to investigate the trouble. But, what if – as with all connected devices – someone else can access and trigger a false alarm in the device, causing you to summon the fire department to your home? If you're not home, the police and fire department have the authority to break down the door to gain entry while responding to the emergency. How many broken doors would you need to face before you are convinced that perhaps an internet connected smoke detector is not necessarily the best idea? If a home alarm system generates too many false alarms to the police department, they will send the homeowner an invoice for their services (or more specifically, a bill for wasting their valuable resources on false alarms). In terms of cost, a misbehaving internet-connected smoke alarm is equivalent to a self-swatting. Luckily, you probably won’t be home to face the first responders. The best way to protect against a compromised internet-connected smart-home device is to practice good security on your Wi-Fi router. The problem is that in their haste to make these devices, the manufacturers would rather promote the ease of setup, in some cases going so far as to offer voice commands to set up the device. We have heard numerous times how convenience should not subvert security. Why would a company that sells a home security product such as a smoke alarm fail to adhere to a higher security model? Stay safe, friends.
About the Author: Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock
