Xiongmai recalls products which enabled massive weekend cyberattack
Mon 24 Oct 2016
Chinese technology firm Hangzhou Xiongmai has admitted that known security flaws in their webcams and surveillance devices were exploited by hackers to assist in Friday’s cyberattack, which affected internet service worldwide.
Xiongmai is issuing a recall of some of these products, mainly webcams, to correct product flaws, including strengthening passwords and issuing a patch for devices manufactured prior to April. They are also encouraging users of Xiongmai products that are not part of the recall to change their passwords, particularly those who are still using the default password on their devices.
In an emailed statement, Xiongmai representative Cooper Wang said, “Mirai is a huge disaster for the ‘Internet of Things.’”
He continued, “[We] have to admit that our products also suffered from hackers’ break-in and illegal use.”
On Friday, hackers launched a coordinated attack on major websites routed by intermediary Dyn, exploiting everyday devices such as webcams and DVRs to flood Dyn servers with requests. This caused Dyn servers to shut down, disrupting traffic to major websites such as Twitter, Google, Netflix and Amazon.
The hackers used Mirai malware to infect everyday devices, leveraging the proliferation of internet-connected devices like webcams. They targeted Xiongmai products because of known security flaws, among which are their hardware-level passwords. This facility allows customers to use products right out of the box without a lengthy setup; however, many users skip over resetting the password at initial use, making the device vulnerable to malicious entities.
The hackers were able to exploit security flaws on everyday devices that make up the Internet of Things, effectively turning thousands of webcams and DVRs into a botnet, which was then directed to flood Dyn servers with traffic until the servers were disabled.
This attack mirrored one from this summer, when hackers used compromised security in CCTV cameras to launch a distributed denial of service (DDoS) attack originating in Taiwan.
Friday’s cyberattack marked one of the largest DDoS attacks originating in the United States, and has sparked discussion on the vulnerabilities inherent in the Internet of Things. Representatives from Xiongmai were quick to assure their customers that reports that Xiongmai products made up the majority of those used in the cyberattack were false, and that overall, their products are well protected from cyber security breaches.
Users with internet-connected devices are warned to take precautions including updating passwords, ensuring that IoT devices are run on a closed network with limited internet access, and restricting the devices to access only the specific services they require to function.