Webcams involved in Friday's internet recalled


The company says that, in addition to the recall, it'll send a software patch to strengthen its products against future attacks and look into improving the way it uses passwords on its devices.

Hangzhou Xiongmai Technology, a Chinese company whose DVRs and webcams were hijacked and used to carry out the DDoS attack, is recalling all of its webcam models, according to Reuters. Hangzhou Xiongmai Technology said that it believes its products are well protected and that "security issues are a problem facing all mankind". The cameras still had their default passwords, the company said, making them easy targets for hacking. Vulnerable webcams are the focus of the recall.

Allison Nixon, director of research at the security firm Flashpoint, said Xiongmai's web-enabled CCTV cameras and digital video recorders were forcibly networked together using the sophisticated malware program Mirai to direct the crushing number of connection requests at Dyn's customers.

Xiongmai's devices now ask customers to change the default password upon first use, but products running older versions of the firmware remain vulnerable.

The unprecedented distributed denial-of-service (DDoS) attack that disrupted access to scores of websites and services on Friday has led to some action: a product recall. "The issue with these particular devices is that a user cannot feasibly change this password", Wikholm told Krebs.

El Reg has been banging on about IoT security for ages. And how many other poorly secured devices are out there?

The firm's devices do not force the end-user to change the default password, leaving many thousands open to rogue access.

Brian Karas, a business analyst with IPVM - a subscription-based news, testing and training site for the video surveillance industry - said the Chinese government has an ownership stake in Xiongmai and related IoT device makers including Dahua and Hikvision, and that over the past five years China's market share in the video surveillance industry has surged.

Also interesting is that numerous infected devices can be traced back to a single company, a Chinese electronics company called Hangzhou Xiongmai Technology.

With the help of two other firms, Dyn confirmed the cyber attack was launched at least in part by Internet of Things devices that belong to a network of bots infected with malware called Mirai.