PSA: FBI Says Hackers Now Targeting Connected Devices in Your Home

Modern Smart Home with Connected Devices Credit: AlexanderD / Adobe Stock

Public service announcements keep rolling in from the FBI. Most recently, the agency warned about scammers spoofing telephone numbers to impersonate law enforcement and use the threat of arrest to demand money. Last week, the FBI issued a new alert about another massive cybercrime operation.

This time, hackers are using the BADBOX 2.0 botnet to target connected devices within your home (aka IoT or “internet of things” devices). IoT devices are physical devices embedded with sensors and software that allow them to connect to the internet and communicate with other devices. They include appliances, thermostats, doorbells, speakers, and more.


This scheme is particularly insidious because of how difficult it can be for consumers to detect. BADBOX 2.0 already consists of millions of infected devices. Here’s what we know.

BADBOX 2.0-infected devices are either configured with malicious software before being sold (most are manufactured in China) or infected during required application downloads, which typically occur during the setup process. Once an infected device is connected to a home network, it may become part of the BADBOX 2.0 botnet and residential proxy network. Cybercriminals either sell or provide free access to these compromised home networks, which allows bad actors to lurk behind the scenes undetected to steal information and invade your privacy.

So far, the FBI has identified TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, and digital picture frames as primary sources of BADBOX 2.0. However, the agency indicates the malware isn’t limited to these devices. Here are some potential indicators that could help you determine whether any of your devices are infected.

  • The appearance of suspicious marketplaces for downloading apps.
  • Requiring Google Play Protect settings to be disabled.
  • Generic TV streaming devices advertised as unlocked or capable of streaming free content.
  • IoT devices from unrecognized brands.
  • Android devices that are not Play Protect certified.
  • Unexplained suspicious Internet traffic.

The FBI also recommends the following mitigation strategies to avoid BADBOX 2.0. These include avoiding unbranded and inexpensive IoT devices, avoiding third-party and unofficial app stores (stick to Apple’s App Store or the Google Play Store), keeping all of your devices up to date with the latest software and operating system updates, and routinely monitoring your network for suspicious connected devices and traffic.
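One way to act on the "monitor your network for suspicious connected devices" advice is to compare what the router has handed addresses to against a list of devices you know you own. The script below is an added example, not from the FBI alert or this article; it assumes a router that exposes DHCP leases in dnsmasq's lease-file format, and the sample leases and the `KNOWN_DEVICES` inventory are constructed for illustration.

```python
import re

# Constructed sample in dnsmasq lease-file format (an assumption about the router):
# <expiry-epoch> <mac> <ip> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1750000000 3c:22:fb:10:20:30 192.168.1.10 laptop 01:3c:22:fb:10:20:30
1750000100 A4:77:33:0A:0B:0C 192.168.1.21 living-room-tv *
1750000200 02:1a:2b:3c:4d:5e 192.168.1.37 * *
1750000300 7c:d9:5c:aa:bb:cc 192.168.1.44 android-box *
malformed line
"""

# Hypothetical inventory of devices the household knowingly owns.
KNOWN_DEVICES = {
    "3c:22:fb:10:20:30": "work laptop",
    "a4:77:33:0a:0b:0c": "living room TV",
}

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_leases(text):
    """Return one dict per well-formed lease line; skip anything malformed."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mac = fields[1].lower().replace("-", ":")
        if not MAC_RE.fullmatch(mac):
            continue
        leases.append({"mac": mac, "ip": fields[2],
                       "hostname": None if fields[3] == "*" else fields[3]})
    return leases

def find_unknown_devices(leases, known):
    """Return leases whose MAC is not in the inventory, in lease-file order."""
    known_macs = {m.lower() for m in known}
    findings = []
    for lease in leases:
        if lease["mac"] in known_macs:
            continue
        first_octet = int(lease["mac"][:2], 16)
        # Bit 0x02 set means a locally administered (randomized or software-set)
        # address, so the vendor prefix cannot be used to identify the maker.
        findings.append({**lease, "locally_administered": bool(first_octet & 0x02)})
    return findings

if __name__ == "__main__":
    for f in find_unknown_devices(parse_leases(SAMPLE_LEASES), KNOWN_DEVICES):
        print(f["ip"], f["mac"], f["hostname"] or "(no hostname)",
              "locally administered MAC" if f["locally_administered"] else "vendor-assigned MAC")
```

A device that shows up here is only unrecognized, not confirmed infected; the list is a prompt to work out what each entry is and update the inventory.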

This should encourage us all to be extra wary of any smart devices we purchase and connect to our home internet. Stick to trusted brand names and avoid bargain IoT devices from Amazon and elsewhere. If the price is too good to be true, there’s usually a catch. If you believe you’ve fallen victim to BADBOX 2.0, contact the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov to file a report.
