Xiongmai, the Chinese company whose webcams were at least partially responsible for Friday’s massive DDoS attack, is recalling some of its products in the US.
Security researchers say that Friday’s cyberattack, which is being investigated by the FBI and Department of Homeland Security, was caused in part by malware known as Mirai that targets IoT (Internet of Things) devices like webcams and DVRs. Many Xiongmai devices, which had poor or no security measures, were used in the attack, which targeted the DNS provider Dyn.
As a result, the company is now recalling some of its products. The Guardian reports:
The electronics components firm, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products made before April last year.
It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. It said reports that its products made up the bulk of those targeted in the attack were false.
There’s also this cryptic statement about the recall from Xiongmai:
“Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too,” the company statement said.
Of course, the broader problem is that, recall or not, most people who buy a connected webcam or DVR don’t even know that it has a password, and changing it isn’t always straightforward. Given the increasing ubiquity of IoT devices, Friday’s attack is likely a sign of bleaker things to come.