Chinese firm recalls webcams used in DDoS attack on major DNS provider

A Chinese technology firm has recalled some of its products following a distributed denial of service (DDoS) attack on a DNS provider.

Websites around the world experienced availability issues last week after Dyn was hit by a series of cyber attacks, slowing down DNS requests and causing outages.

Now Hangzhou Xiongmai Technology is recalling some of its products in the United States after security researchers said it made parts for devices used in an Internet of Things (IoT) botnet that was used to launch the DDoS attack on Friday.

The recalls include its home webcams, which experts said the attackers were able to hack and take control of due to their easy-to-guess default passwords - an issue the firm has promised it will rectify in future, along with a security patch.

However, the company told the BBC its cameras did not make up the bulk of the devices used and said many other companies have also had security issues in the past.

Cyber security experts have been increasingly warning manufacturers and consumers that insecure connected devices could be hacked and used to launch attacks.

In September, researchers from Symantec said malware targeting the devices has “come of age” and poor security on many devices makes them a “soft target”.

“Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords,” they wrote in a blog post.

Experts have warned the companies that make connected devices that cyber security needs to be considered from the beginning of development.

“When you build a device, as an industry that threat modelling needs to happen at the start of the process, not the end,” Huawei’s European cyber security officer David Francis said at the FT Cyber Security Summit. “It needs to be built in, not bolted on.”

And Intel Security’s Raj Samani has warned that ransomware could soon target the IoT.

“The reality is that we will be fully connected, fully online and we are moving towards that really quickly,” he said. “The challenge is to make consumers aware… The concept of today’s ransomware is to lock your data, but we are showing here that it is the device.”

teiss
