After Friday's massive DDoS attack that took down some of the world's most popular websites, Chinese electronics firm is initiating a product recall.
Many of the "Internet of Things" devices that were enslaved and used in the DDoS attack were made by Hangzhou Xiongmai Technology. Researchers accused the Chinese firm for shipping its webcams without any strong security features. The company has now confirmed that it will recall some of its webcams that it has sold in the United States.
Chinese firm recalls its products over DDoS botnet links
A large number of devices that were compromised by the Mirai malware include products manufactured by Xiongmai. Researchers called Mirai an effective malware because it exploits the poor security features of internet-connected devices, like webcams and video recorders. Manufacturers of IoT devices rarely send security updates, and do not force their users to change the default password. In many cases, end users don't even know if they can change the factory settings, leaving hundreds of thousands of devices open to criminal attacks.
After the accusations, the Chinese firm has now announced a product recall in the United States. "Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too." The company said that the biggest issue was users not changing default passwords. It also said that many of its products were well protected from cyber security breaches. Reports of a majority of Xiongmai being open to security threats are false, the company added.
The primary products Xiongmai will recall are all webcam models. The company said that it will strengthen password protections and send users a security patch for products made before April 2015.
Earlier in the month, the hacker who first wrote the code for Mirai malware, released it to the public. This allowed other criminal hackers to create their own botnets, comprised of networks of hacked webcams, routers and other internet-connected devices. Security experts have long advised to put the pressure on the IoT device manufacturers to introduce better security protocols. After the East Coast DDoS attack, we might finally see these companies strengthening security protections on the IoT devices they manufacture.