China’s Xiongmai to recall up to 10000 webcams after U.S. hack

Dyn, a major DNS (Domain Name System) provider in New Hampshire, reported that hackers triggered a distributed denial of service (DDoS) attack on the company’s infrastructure, affecting internet use in the USA and Europe.

Blocking access to your devices is not always possible, but can be as simple as rebooting them and resetting the passwords.

“The obvious point that we learned from last week’s attack is that the Internet of Things has made the threat of a denial-of-service attack more potent than ever before”, Timothy Edgar, a director of law and policy at Brown University’s cybersecurity program, told TIME.

XiongMai Technologies acknowledged that a piece of malware known as “Mirai” that’s spreading around the internet targets vulnerabilities in their products. According to the security firm Kaspersky Lab, Hangzhou Xiongmai announced recalls for 4.3m circuit boards used in cameras on Friday.

Chinese electronics maker that has recalled millions of products sold in the USA said Tuesday that it did all it could to prevent a massive cyberattack that briefly blocked access to websites including Twitter and Netflix. “Those in the US are consumer devices exposed in the public domain”. And that’s a long shot.

But Dyn’s attackers may not have been using the full brunt of Mirai’s force.

“It’s not sophisticated, it’s not clever, it’s just waiting to happen”, he adds.

In their report on Tuesday, Flashpoint again said that while the Mirai botnet was used in Friday’s attack, the command and control server managing the botnet was “separate and distinct” from those used in the previous Mirai attacks against OVH and journalist Brian Krebs.

China would like you to know that it’s not to blame for last week’s massive DDoS attack, thank you very much, and it has a legal team ready to prove it. Historically speaking, that’s the M.O. of stresser/booter service providers, sometimes run by non-advanced but highly persistent teenagers.

It is not yet known where the attack on Dyn originated, “but DDoS attacks are often coordinated from out of the United States, so the USA government’s power is very limited in these circumstances”. “Since their tweet about this, the Mirai source code was publicly released, which now makes it hard to attribute the attack to any individual or organization”.

Thus far, there has been no indication of the magnitude of the 21 October attack. DDoS attacks of this size were unheard of even six months ago.

One of the sources of the attack was a botnet compromised of internet-connected devices or Internet of Things. When combined with other methods, particularly IoT botnets, we could soon see attacks reaching previously unimaginable scale, with far-reaching impact.

Resetting a device to factory settings can delete any malware that’s already embedded. He said the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal, rather than industrial, use. “Topple the current leader of this war, and the others will soon be fighting to claim their throne”.

Mark James, an expert with Slovakia-based security company EST, said that he doubted Xiongmai could be held liable for an attack such as Friday’s, but that the company’s officials “obviously recognize a concern here”.

Xiongmai had now fixed loopholes in earlier products, prompting users to change default passwords and having telnet access blocked, Liu said. It’s also advising users to firewall the devices and block all unnecessary ports.

By exploiting the devices’ Web connections, hackers could infect them with malicious software and use them to paralyze huge portions of the Internet with a barrage of junk data in what is known as a distributed denial of service, or DDoS, attack. “There are millions and millions of cameras out there on the shelves and in people’s homes and there’s no security on them”, he said. He then reinstalled a clean copy of the firmware.