Is your smart home spying? FBI warns devices could be linked to crime
Cyber criminals have managed to gain unauthorized access to home networks by compromising at-home technology such as streaming devices and digital picture frames, the Federal Bureau of Investigation (FBI) said in a statement.
By leveraging BadBox, cyber criminals are able to access at-home streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames, and more, the agency explained.
Criminals exploit Internet of Things (IoT) devices connected to home networks to conduct criminal activity, the statement reads. They do so by using the BadBox 2.0 botnet, which turns Android-based devices into a controlled network of infected machines. The malware typically spreads through hidden apps downloaded from unofficial stores, and is often pre-installed on cheaper devices.
'Most of the infected devices were manufactured in China,' the FBI said. 'Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process.'
Once these compromised devices are connected to home networks, they are susceptible to becoming part of the BadBox botnet and residential proxy services, according to the press release.
Possible indicators of BadBox activity include:
The presence of suspicious marketplaces where apps are downloaded
Requiring Google Play Protect settings to be disabled
Generic TV streaming devices advertised as unlocked or capable of accessing free content
Home devices advertised from unrecognizable brands
Android devices that are not Play Protect certified
Unexplained or suspicious internet traffic
'The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks,' the FBI said.
People can minimize exposure to unauthorized residential proxy networks by:
Maintaining awareness and monitoring internet traffic of home networks
Assessing all IoT devices connected to home networks for suspicious activity
Avoiding downloading apps from unofficial marketplaces advertising free streaming content
Keeping all operating systems, software and firmware up to date
Consumers who think they have been a victim of an intrusion can file a report with the FBI's Internet Crime Complaint Center (IC3).
Read the original article on MassLive.