China recalls 10,000 webcams after cyber attack

  • 26/10/2016

Up to 10,000 webcams will be recalled in the aftermath of a cyber attack that blocked access last week to some of the world's biggest websites, Chinese manufacturer Hangzhou Xiongmai Technology Co has told Reuters.

In Washington, a member of the US Senate Intelligence committee asked three federal agencies what steps the government can take to prevent cyber criminals from compromising electronic devices.

Friday's internet outage alarmed security experts because it leveraged a new type of attack using simple webcams and other connected devices that often lack proper security.

Hackers harnessed hundreds of thousands of those devices globally to flood US-based internet infrastructure provider Dyn with so much traffic that it could not cope, cutting access to major websites including PayPal, Spotify and Twitter.

The US Department of Homeland Security (DHS) said it had discussed the attacks in a conference call with 18 major communications service providers and was working to develop a new set of "strategic principles" for securing internet-connected devices.

The intelligence committee member, US Senator Mark Warner, a Democrat, sent letters asking DHS, the Federal Communications Commission (FCC) and Federal Trade Commission if they have adequate tools for combating the threat posed by "bot net" armies of infected electronic devices.

He asked FCC Chairman Tom Wheeler if communications providers have authority to deny internet access to electronics devices they deem insecure.

Senators Angus King, an independent, and Martin Heinrich, a Democrat, who also serves on the committee, on Monday asked the Obama administration to create uniform policies across government seeking to secure US networks by sharing any detected vulnerabilities with the private sector.

Xiongmai said it would recall some surveillance cameras sold in the United States after researchers identified they had been targeted in the attack.

Liu Yuexin, Xiongmai's marketing director, told Reuters the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal, rather than industrial, use.

Xiongmai had now fixed loopholes in earlier products, prompting users to change default passwords and block telnet access, Mr Liu said. He declined to give an exact number of vulnerable devices, but estimated it at fewer than 10,000.

Xiongmai devices were unlikely to suffer similar attacks in China and elsewhere outside the United States, where they are typically used in more secure industrial networks, Mr Liu said.