Chinese firm recalls webcams used in last week's massive cyber attack

  • Smart devices are thought to be responsible for major hack last week
  • Experts had previously warned of lax security on connected devices
  • Hangzhou Xiongmai webcams are thought to be among the devices involved in last week’s cyber attack. They are being recalled in the US

Libby Plummer For Mailonline

Chinese firm Hangzhou Xiongmai Technology is recalling webcams that were hijacked to stage a major cyber attack last week. 

The cyber siege took down a wide range of major websites including Twitter, Spotify and Reddit.

The attack targeted internet service company Dyn, which controls the ‘address book’ of the internet for dozens of major companies.  

Security experts believe that  ‘Internet of Things’ or IoT smart home devices were harnessed by hackers and use to bombard the websites with requests for information, overloading them and effectively shutting them down.

Chinese firm Hangzhou Xiongmai Technology is recalling webcams that were hijacked to stage a major cyber attack last week (stock image)

Chinese firm Hangzhou Xiongmai Technology is recalling webcams that were hijacked to stage a major cyber attack last week (stock image)

WHAT IS A DDOS ATTACK?

DDoS attacks are a primitive form of hacking using botnets – networks of computers that hackers bring under their control.

They do this by getting users to inadvertently download software, typically by following a link in an email or agreeing to download a corrupted file.

Even smart home gadgets such as connected cameras and DVRs can be taken over in this way. 

These botnets are then used to bombard the servers with simple requests for information carried out simultaneously, causing them to become overwhelmed and shut down. 

Hangzhou Xiongmai, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the US, strengthen password functions and send users a patch for products made before April last year.

It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. 

It said reports that its products made up the bulk of those targeted in the attack were false. 

While internet-connected home devices may make life easier, last week’s attack proved that they could also make us more vulnerable to hackers.

This is known as a DDoS (Distributed Denial of Service) attack. 

‘The all day disruption of DNS services first in the Eastern USA and later impacting customers of Dyn, a DNS provider, globally might be the beginning of a new era of internet attacks conducted via ‘smart’ things,’ said Chester Wisniewski, principal research scientist from security firm Sophos. 

‘Clearly they aren’t as smart as we think, if they can be so easily commandeered by random deviants on the internet to impact major services like Twitter, Reddit and Spotify. 

‘Going forward, it is critical that manufacturers eliminate default passwords and ensure devices can be remotely and automatically updated against security threats to help prevent this type of event recurring’. 

Last week’s attack allegedly used a botnet comprised of approximately 500,000 compromised smart security cameras, explains Mr Wisniewski.

‘There are 10s of millions more insecure “smart” things that could cause incredible disruptions, if harnessed’ he said.

The hack is though to to have been the result of the ‘Mirai’ code.

Security experts believe that 'Internet of Things' or IoT smart home devices, including smart TVs could be harnessed by hackers again in future
Security experts believe that 'Internet of Things' or IoT smart home devices, including smart TVs could be harnessed by hackers again in future

Security experts believe that ‘Internet of Things’ or IoT smart home devices, including smart TVs could be harnessed by hackers again in future

And last month, web security analysts warned of a flood of online attacks from hackers after the Mirai code for a bot used to carry out a huge hack was published online.

The code, which can turn unsecured devices such as web cameras, routers, phones and other hackable internet-connected devices into ‘bots’, can be used to target websites, knocking them offline.

THE MIRAI CODE

Last month, web security analysts warned of a flood of online attacks from hackers after code for a bot used to carry out a huge hack was published online.

The code, which can turn unsecured devices such as web cameras, routers, phones and other hackable internet-connected devices into ‘bots’, could be used to target websites, knocking them offline.

Security expert Brian Krebs, highlighted the publication of the code and warned of the potential for a huge hike in attacks by ‘internet of things’

A separate report last month from security experts Symantec warned that cybercriminal networks were taking advantage of lax IoT device security to spread malware and create ‘zombie’ networks capable of carrying out DDoS attacks. 

‘More than half of all IoT attacks originate from China and the US, based on the location of IP addresses to launch malware attacks’, said the report. 

High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. 

In some cases, IP addresses may be proxies used by attackers to hide their true location. 

While the amount of attacks on internet-connected home devices is high, the report explained that the hackers are usually trying to harness the power of the gadgets for a DDoS attack, rather than trying to hack into the individual’s home network.

The danger is that people don’t tend to spend as much effort ensuring that IoT gadgets are secure, as they would for their online bank account, or their computer. 

Last week, a major cyber attack took down a wide range of major websites including Twitter, Spotify and Reddit. The outage was thought to be largely the result of hijacked smart home devices
Last week, a major cyber attack took down a wide range of major websites including Twitter, Spotify and Reddit. The outage was thought to be largely the result of hijacked smart home devices

Last week, a major cyber attack took down a wide range of major websites including Twitter, Spotify and Reddit. The outage was thought to be largely the result of hijacked smart home devices

‘From laptops and mobile phones, to fitness trackers and routers to home security systems, smart TVs and baby monitors, any internet-connected device is a potential target but the ones with default passwords, infrequent updates and poor security protocols are the first to target’ said Nick Shaw, vice president and general manager of security firm Norton EMEA.

‘Often consumers don’t register that their connected wearables or home devices are exposed to the same risks as their laptop or mobile phone. 

‘As such they don’t take the steps to secure them properly. 

‘To reduce their risk of infection, consumers can change the default devices credentials, disabling unused services, modifying the privacy settings of the device and ensuring its firmware is up to date’.

The firm also released a list of the most common passwords used to break into internet-connected devices, including ‘12345’ and ‘password’. 

‘Unfortunately similar attacks are very likely,’ David Emm, principle security researcher at security software firm Kaspersky Lab told MailOnline. 

‘This isn’t the first time we have seen connected devices used as a vehicle for attack. 

TIPS FOR KEEPING YOUR SMART HOME KIT SECURE 

Owners of IoT devices including smart TVs, lights, thermostats should:

– Keep software up to date and regularly check for updates 

– Immediately change to a strong password

– Disable features and services that are not needed

– Turn off IoT devices when not in use 

– Check privacy settings 

‘In recent years baby monitors and webcams have hit the news on account of vulnerabilities which allow criminals to access the devices and redirect them for malicious purposes. 

‘This method of attack relies on human complacency. 

‘Consumers need to think twice about what IoT devices really need to be connected, disable superfluous functionality and change the default login and password credentials to something unique and complex right out of the box to prevent them being remotely accessed,’ he added. 

Sophos recommends that owners of smart TVs, lights, thermostats, routers and other internet connected devices keep the software on their devices up to date and immediately change the default passwords to something unique 

Symantec also recommends that people should disable features and services that are not required on IoT devices and disable them when they’re not being used.

The security firm also suggested using wired connection instead of wireless, where possible.  

Read more:

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top