Webcam company recalls devices that caused internet outage

On Friday, a wide range of popular online services were inaccessible for much of the day in the U.S. as DNS provider Dyn faced an enormous DDoS (distributed denial of service) attack. The company provides infrastructure that maps website addresses to the servers powering public websites and apps.
In the hours after the attack, researchers traced the source of the malicious traffic to a giant botnet coordinated by the Mirai malware. They found that “tens of millions” of devices around the world were used to overwhelm Dyn’s services, the majority of them hijacked “smart” Internet of Things (IoT) products such as webcams, printers and digital video recorders.
One of the companies linked to the attack was Xiongmai Technologies. The Chinese technology company manufactures a range of internet-connected products that have very weak security. It builds components that are then sold on to downstream vendors for inclusion in their devices, so a weakness in its components gives attackers access to millions of products.
Security experts warned that Xiongmai and other companies included a default user account in their software that hackers could use to connect to devices. Because every product has the same username and password, it would be trivial for a cybercriminal to scan the Internet for vulnerable products, upload malicious software to each one and link them into the giant botnet that bombarded Dyn on Friday.
Since details of the attack were made public, Xiongmai has acknowledged the role of its products in the DDoS. It announced a recall of its webcams in the U.S. to reduce the chances of hackers using the same technique again.
Analysts have questioned how effective the recall will be. It covers all of Xiongmai’s circuit boards and components and could extend to several different product ranges marketed under many brand names. However, it is not clear whether Xiongmai’s downstream vendors will actively communicate with customers to publicise the recall.
In a statement to the BBC, Xiongmai suggested its users were at fault for not changing the default passwords on its devices. However, analysts have criticised the claim, noting the accounts in question are not accessible to the user. “A user cannot feasibly change [the] password,” security firm Flashpoint had earlier said to cybersecurity expert Brian Krebs.
“Security issues are a problem facing all mankind,” Xiongmai told the BBC. “Since industry giants have experienced them, Xiongmai is not afraid to experience them once too.”
Xiongmai has said it will change the way it manages default user accounts on its future products. The company is also planning to develop a software patch for existing devices to make their security more robust. Again, it is not clear how successful it will be or whether customers will have an easy way of knowing the update is available.
While Xiongmai appears to be moving in the right direction, there are still plenty of other companies producing cheap IoT products with similar flaws. In a scan of the internet on October 6, researchers at Flashpoint Security found 515,000 devices that could be susceptible to hijacking in this way.
It is still unknown who was behind the attack on Dyn last Friday. The rise of cyberattacks targeting the Internet’s infrastructure instead of individual websites is a concerning trend. The weak security around the Internet of Things is providing hackers with hundreds of thousands of devices to weave together into botnets, making more ambitious campaigns feasible.
