Hangzhou Xiongmai Technology, which manufactures web-connected cameras and digital recorders, has said in a press note following the massive cyber attack in the US that it did everything possible to prevent the cyber attack, but it was down to customers to take the preventive measures like changing default passwords to ensure that their device is not used in the way it was.
The attack in the US last week was one of the most massive ones ever with access to multiple websites including Twitter and Netflix blocked temporarily. According to the press note, Xiongmai and other companies across the home surveillance equipment industry were notified of the vulnerabilities as early as April 2015 and Xiongmai did everything it could to patch the vulnerabilities. Further the company has also said that media and the security industry should refrain from singling them out because it wasn’t their fault and it was down to customers to make precautionary measures.
The hack has heightened long-standing fears among security experts that the rising number of interconnected home gadgets, appliances and even automobiles represent a cybersecurity nightmare. The convenience of being able to control home electronics via the web also leaves them more vulnerable to malicious intruders, experts say.
Unidentified hackers seized control of gadgets including Xiongmai’s on Friday and directed them to launch an attack that temporarily disrupted access to a host of sites, ranging from Twitter and Netflix to Amazon and Spotify, according to US web security researchers.
The “distributed denial-of-service” attack targeted servers run by Dyn, an internet company located in Manchester, New Hampshire. These types of attacks work by overwhelming targeted computers with junk data so that legitimate traffic can’t get through.
Researchers at the New York-based cybersecurity firm Flashpoint said most of the junk traffic heaped on Dyn came from internet-connected cameras and video-recording devices that had components made by Xiongmai. Those components had little security protection, so devices they went into became easy to exploit.
In an acknowledgement of its products’ role in the hack, Xiongmai said in a statement Monday that it would recall products sold in the US before April 2015 to demonstrate “social responsibility.” It said products sold after that date had been patched and no longer constitute a danger.