Chinese electronics firm Hangzhou Xiongmai Technology is initiating a product recall following the massive cyberattack that took down a part of the internet in the United States and parts of Europe on Friday (21 October). Last week, hackers launched waves of distributed denial of service attacks (DDoS) by harnessing hacked IoT devices, including webcams and digital recorders, to create a massive botnet of compromised connected devices.
The unprecedented cyberattack knocked multiple major websites offline including Twitter, Netflix, Spotify and Reddit by targeting DNS service provider Dyn, which controls the "address book" of the internet for dozens of major companies.
Xiongmai said it would recall some of its products sold the US after security researchers accused the firm, which makes parts for surveillance cameras, of shipping products with security errors such as the use of easy-to-guess default usernames and passwords in its software and camera components.
The firm noted that it will strengthen password functions and issue users a patch for products made before April 2015.
The company claimed that the biggest issue was users not changing their default passwords, maintaining that its products are well protected from possible cyberattacks. The Chinese firm also told the BBC that its webcams did not make up the bulk of the devices in the botnet.
"Security issues are a problem facing all mankind," the company said in a statement. "Since industry giants have experienced them, Xiongmai is not afraid experience them once, too."
The main products recalled by Xiongmai are its webcam models.
Another Chinese company, Dahua Technology, also admitted that some of its older camera and video recorders were also susceptible to attack if users had not changed their default passwords. The company said it would offer firmware updates on its website and offer discounts to users looking to exchange their devices.
A malware called Mirai was used to compromise connected devices in the major cyberattack, the source code for which was publicly released by a hacker group earlier in October. Independent security researcher Brian Krebs warned at the time that the leak would "virtually guarantee that the internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices."
Friday's cyberattack once again pulled the vulnerability and security of smarter, IoT devices into the spotlight with experts warning that often include basic security errors, giving malicious hackers ample, dangerous opportunities to exploit them and strike.
"The issue with these particular devices is that a user cannot feasibly change this password," Flashpoint researcher Zach Wikholm told Krebs. "The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist."
According to Level 3 Threat Research Labs, Mirai has infected at least 493,000 devices so far. The security firm says before the source code was released, just 213,000 gadgets were compromised, noting that the number of actual bots may be higher "based on an incomplete view of the infrastructure."
The Department of Homeland Security and the FBI said they were investigating the issue and "all potential causes" with providing any details about possible suspects. The DHS said it had a conference call with 18 major communication service providers following the cyberattack and is currently working on developing a set of "strategic principles" to better secure IoT devices, Reuters reports.
The agency said its National Cybersecurity and Communications Integration Center is working with companies, law enforcement and security researchers to deal with possible cyberattacks due to the constantly growing number of web-connected devices.