A Chinese surveillance electronics firm has announced it will recall webcams and other products after hackers exploited security vulnerabilities in Internet of Things devices, causing widespread outages across popular websites last week.
Hangzhou Xiongmai Technology said it planned to recall all of its webcam models sold in the US, strengthen its password functions and send customers a patch for products produced before April 2015.
It is unknown how many devices will be recalled in total.
Visitors to sites and services including Netflix, Spotify, Twitter, Airbnb and Reddit on Friday were met with loading screens or total outages following what security researchers are calling a “massive and sustained attack” conducted via video recorders, CCTV video cameras and other connected products.
The attack was executed using a sophisticated strain of malware, known as Mirai, which searches the internet for devices still using default passwords and usernames. It then takes control of the product and overwhelms targets with junk traffic until they crack under the strain, according to security researcher Brian Krebs.
An army of machines
The malware effectively created a botnet – a compromised army of infected devices – which attacked the servers of internet infrastructure firm Dyn, which provides crucial support for the affected sites and services.
Around 50,000 webcams participated in the attack, according to Chester Wisniewski, principal research scientist at security firm Sophos, though around 500,000 had been compromised in total.
Xiongmai said on its blog that the vast majority of the device takeovers were made possible through users failing to change simple default passwords.
The company denies claims by security firms that its digital video recorders and webcams made up the bulk of targeted products.
Allison Nixon, director of research at security firm Flashpoint, said: “It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States”.
The source code for the malicious software was uploaded to the site Hackerforums last year, meaning it is freely available for hackers to attempt new mass attacks.