In the wake of a denial of service attack that bogged down sites like Twitter, Github, Reddit, Airbnb, and many others at various times on Friday, one company is recalling webcams that may have been used to aid hackers in taking these popular sites offline.
Reuters reports that Chinese firm Hangzhou Xiongmai Technology Co Ltd announced the recall of all products — primarily webcams — that contain circuit boards or components from the company that were sold in the U.S. after they were identified as having a part in the recent attack.
The company says it will recall some webcams, send users updates for products made before April, and strengthen password functions to lessen the chance the devices will be used as an avenue for future hack attacks.
According to Xiongmai, security researchers believe that easy-to-guess default passwords for the devices aided hackers in the massive web attacks on Friday.
“Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too,” the company said in a statement.
Security researchers tell BBC News that hackers used thousands of the devices — including the recalled webcams — that make up the so-called Internet of Things to access popular websites.
Friday’s attack centered on DNS host Dyn. Attackers sent massive amounts of coordinated traffic to Dyn in order to overwhelm its ability to function. As a result, legitimate users connecting to sites managed by Dyn were not able to access the content they were looking for, due to the barrage of robotic requests running interference.
BBC News points out that it’s unclear if the recall will resolve these devices’ vulnerability to being exploited by this sort of attack.
In fact, researchers believe it will be difficult to stop such IoT attacks in the future, as it is increasingly easy for hackers to scan the internet for vulnerable cameras, DVRs, and other devices that could be taken over.
Another issue for these devices is the way in which they are made: components are sourced from a number of companies, each with its own level of security.
by Ashlee Kieler via Consumerist