Home webcams that were hijacked to help knock popular websites offline last week are being recalled in the US.
Chinese electronics firm Hangzhou Xiongmai issued the recall soon after its cameras were identified as aiding the massive web attacks. The attacks made access to Reddit, Twitter, Spotify and many other popular websites intermittent. Security experts said easy-to-guess default passwords, used on Xiongmai webcams, aided the hijacking.
The web attack enrolled thousands of devices that make up the internet of things – smart devices used to oversee homes and which can be controlled remotely.
In a statement, Hangzhou Xiongmai said hackers were able to take over the cameras because users had not changed the devices’ default passwords. Xiongmai rejected suggestions that its webcams made up the bulk of the devices used in the attacks. “Security issues are a problem facing all mankind,” it said. “Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too.”
The company has also pledged to improve the way it uses passwords on its products and will send customers a software patch to harden devices against attack. The recall affects all the circuit boards and components made by Hangzhou Xiongmai that go into webcams. It is not clear how effective the recall will be in reducing the numbers of vulnerable devices hackers can call on to mount attacks.
Could This Happen Again?
Yes, and it probably will. The smart devices making up the IoT are proving very popular with the malicious hackers who make their living by selling attack services or extorting cash by threatening firms with devastating attacks.
Before the rise of the IoT it was tricky to set up a network of hijacked machines as most would be PCs that, generally, are more secure. Running such a network is hard and often machines had to be rented for a few hours just to carry out attacks. Now anyone can scan the net for vulnerable cameras, DVRs and other gadgets, take them over and start bombarding targets whenever they want.