Massive Cyber Attacks triggers recall of IoT devices in the US

The massive cyber attack which shook the entire web world at the end of this October has forced a component manufacturing company to recall all its IoT devices sold to the US ranging from security cameras to digital recorders.

On October 21st, 2016, a massive cyber attack was launched on a Domain Naming service called Dyn, Inc. This made many web service providers like Twitter and Netflix face a severe downtime. The group which was responsible for the cyber crime was able to overwhelm Dyn’s servers with a distributed denial of service attack.

To achieve this, the attackers used malware called Mirai to take control of IoT Devices such as CCTVcameras, using Hangzhou Xiongmai’s hardware components to form a botnet. As a result of this attack, the botnet succeeded in generating fake network traffic from tens of millions of IP addresses causing Dyn’s network to crash within few minutes of the attack.

Hangzhou Xiongmai Technology, a Chinese company offering electronics components to device makers has announced that it is going to recall all the four million products sold to the US. The Chinese electronics maker feels that the October 21st,2016 attack was a result of users using the weak and default passwords on its devices.

According to a reliable source, the company became aware of the fact that its cameras had a security flaw at the end of last year. On an immediate note, a firmware update was released to fix the issue and all customers were asked to change the default passwords. But the request reached only a few users( for reasons) resulting in most of the company devices severely affected with the cyber attack by using the default passwords.

Now, as an act of good faith, Hangzhou Xiongmai has agreed to recall over 4 million devices which include surveillance equipment made for banks, stores, and residential areas. The company believes that this recall can act as a quick fix for all its 4 million devices running old firmware with default passwords.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display