Chinese webcam manufacturer Xiongmai has issued a recall of around 10,000 compromised webcams, which were linked to a serious U.S. cyberattack last week.
The attack rendered major websites like Spotify and Twitter offline for hours. It took security experts a few days to figure out exactly what happened, as this is a new type of attack that takes devices with lacklustre security and uses them to overload websites with traffic.
Most consumer webcams have no security or encryption on the device, leaving them open to attack. Webcam owners tend to not change the password on the device, so hackers were able to gain entry quicker.
Xiongmai has patched the vulnerability and blocked access to telnet. It has also prompted users to update webcam passwords to avoid another attack.
“The reason why there has been such a massive attack in the U.S. and (one) is not likely going to be in China is that most of our products in China are industrial devices used within a closed intranet only,” said Liu Yuexin, Xiongmai’s marketing director to Reuters. “Those in the U.S. are consumer devices exposed in the public domain.”
Liu also mentioned plans to move to a more secure operating system and add additional encryption to webcams, to avoid a similar attack in the future.
“Internet of Things (IoT) devices have been subject to cyber attacks because they are mostly based on the Linux open source system,” he said. “Our R&D department had been looking to develop products based on other systems since 2015 and plan to do more in the future.”