Chinese firm recalls webcams used in last week's massive cyber attack

Chinese firm Hangzhou Xiongmai Technology is recalling webcams that were hijacked to stage a major cyber attack last week. 

The cyber siege took down a wide range of major websites including Twitter, Spotify and Reddit.

The attack targeted internet service company Dyn, which controls the ‘address book’ of the internet for dozens of major companies.  

Security experts believe that  ‘Internet of Things’ or IoT smart home devices were harnessed by hackers and use to bombard the websites with requests for information, overloading them and effectively shutting them down.

Hangzhou Xiongmai, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the US, strengthen password functions and send users a patch for products made before April last year.

It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. 

It said reports that its products made up the bulk of those targeted in the attack were false. 

While internet-connected home devices may make life easier, last week’s attack proved that they could also make us more vulnerable to hackers.

This is known as a DDoS (Distributed Denial of Service) attack. 

‘The all day disruption of DNS services first in the Eastern USA and later impacting customers of Dyn, a DNS provider, globally might be the beginning of a new era of internet attacks conducted via ‘smart’ things,’ said Chester Wisniewski, principal research scientist from security firm Sophos. 

‘Clearly they aren’t as smart as we think, if they can be so easily commandeered by random deviants on the internet to impact major services like Twitter, Reddit and Spotify. 

‘Going forward, it is critical that manufacturers eliminate default passwords and ensure devices can be remotely and automatically updated against security threats to help prevent this type of event recurring’. 

Last week’s attack allegedly used a botnet comprised of approximately 500,000 compromised smart security cameras, explains Mr Wisniewski.

‘There are 10s of millions more insecure “smart” things that could cause incredible disruptions, if harnessed’ he said.

The hack is though to to have been the result of the ‘Mirai’ code.

And last month, web security analysts warned of a flood of online attacks from hackers after the Mirai code for a bot used to carry out a huge hack was published online.

The code, which can turn unsecured devices such as web cameras, routers, phones and other hackable internet-connected devices into ‘bots’, can be used to target websites, knocking them offline.

A separate report last month from security experts Symantec warned that cybercriminal networks were taking advantage of lax IoT device security to spread malware and create ‘zombie’ networks capable of carrying out DDoS attacks. 

‘More than half of all IoT attacks originate from China and the US, based on the location of IP addresses to launch malware attacks’, said the report. 

High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. 

In some cases, IP addresses may be proxies used by attackers to hide their true location. 

While the amount of attacks on internet-connected home devices is high, the report explained that the hackers are usually trying to harness the power of the gadgets for a DDoS attack, rather than trying to hack into the individual’s home network.

The danger is that people don’t tend to spend as much effort ensuring that IoT gadgets are secure, as they would for their online bank account, or their computer. 

‘From laptops and mobile phones, to fitness trackers and routers to home security systems, smart TVs and baby monitors, any internet-connected device is a potential target but the ones with default passwords, infrequent updates and poor security protocols are the first to target’ said Nick Shaw, vice president and general manager of security firm Norton EMEA.

‘Often consumers don’t register that their connected wearables or home devices are exposed to the same risks as their laptop or mobile phone. 

‘As such they don’t take the steps to secure them properly. 

‘To reduce their risk of infection, consumers can change the default devices credentials, disabling unused services, modifying the privacy settings of the device and ensuring its firmware is up to date’.

The firm also released a list of the most common passwords used to break into internet-connected devices, including ‘12345’ and ‘password’. 

‘Unfortunately similar attacks are very likely,’ David Emm, principle security researcher at security software firm Kaspersky Lab told MailOnline. 

‘This isn’t the first time we have seen connected devices used as a vehicle for attack. 

‘In recent years baby monitors and webcams have hit the news on account of vulnerabilities which allow criminals to access the devices and redirect them for malicious purposes. 

‘This method of attack relies on human complacency. 

‘Consumers need to think twice about what IoT devices really need to be connected, disable superfluous functionality and change the default login and password credentials to something unique and complex right out of the box to prevent them being remotely accessed,’ he added. 

Sophos recommends that owners of smart TVs, lights, thermostats, routers and other internet connected devices keep the software on their devices up to date and immediately change the default passwords to something unique 

Symantec also recommends that people should disable features and services that are not required on IoT devices and disable them when they’re not being used.

The security firm also suggested using wired connection instead of wireless, where possible.