[LINK] itN: Chinese 'DDoS camera' maker recalls vulnerable devices
Roger Clarke
Roger.Clarke at xamax.com.au
Tue Oct 25 14:10:41 AEDT 2016
[For a device that is likely to be Internet-connected, a pretty basic security feature is code to force a change of password prior to enabling functions on the first occasion that a device is used.
[The effort required to do that is pretty small.
[And retro-fitting such a feature shouldn't be all that much harder.
[Personally, I'd regard the absence of such a measure in, say, 2014, as negligence. And I'd be interested in a legal discussion about whether it constitutes criminal negligence, and a policy discussion about whether it *should* do so.]
Chinese 'DDoS camera' maker recalls vulnerable devices
By Staff Writers on Oct 25, 2016 12:37PM
Users do not change the default password.
http://www.itnews.com.au/news/chinese-ddos-camera-maker-recalls-vulnerable-devices-440028
Chinese firm Hangzhou Xiongmai Technology will recall some of its products sold in the United States after it was identified by security researchers as having made parts for devices that were targeted in a major hacking attack on Friday.
Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders, and cut access to some of the world's best known websites in a stunning breach of global internet stability.
The electronics components firm, which makes parts for surveillance cameras, said it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products made before April last year.
It said the biggest issue was users not changing default passwords, claiming reports that its products made up the bulk of those targeted in the attack were false.
"Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too," the company statement said.
Friday's cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple digital devices such as webcams.
These often lack proper security, and hackers found a way to harness millions of them into a botnet using the Mirai and Bashlight malware to perpetrate the distributed denial of service (DDoS) attack.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University