Home webcams that were hijacked to help knock popular websites offline last week are being recalled in the US.
Chinese electronics firm Hangzhou Xiongmai issued the recall soon after its cameras were identified as aiding the massive web attacks.
They made access to popular websites, such as Reddit, Twitter, Spotify and many other sites, intermittent.
Security experts said easy-to-guess default passwords, used on Xiongmai webcams, aided the hijacking.
The web attack enrolled thousands of devices that make up the internet of things – smart devices used to oversee homes and which can be controlled remotely.
In a statement, Hangzhou Xiongmai said hackers were able to take over the cameras because users had not changed the devices’ default passwords.
Xiongmai rejected suggestions that its webcams made up the bulk of the devices used in the attacks.
“Security issues are a problem facing all mankind,” it said. “Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too.”
The company said it was also improving the way it put passwords on its products and would send customers a software patch that hardened the devices against attack.
The recall affects all the components made by Hangzhou Xiongmai that go into webcams. It is not clear how effective the recall will be in reducing the numbers of vulnerable devices hackers can call on to mount attacks.
Chester Wisniewski, principal research scientist at security firm Sophos, said about 500,000 webcams had been turned into “bots” that attackers used to overwhelm websites and servers with data.
“Friday’s attack only used approximately 10% of these bots, demonstrating the incredible power wielded by just one type of device,” he said. “There are tens of millions more insecure ‘smart’ things that could cause incredible disruptions, if harnessed.”
Credit to : BBC NewsTweet