Webcams used in cyber attacks on websites recalled

6:59 am on 25 October 2016

Home webcams that were hijacked to help knock popular websites offline last week are being recalled in the United States.

Spotify app

The attack disrupted access to sites such as Reddit, Twitter, Spotify. Photo: 123RF

Chinese electronics firm Hangzhou Xiongmai issued the recall soon after its cameras were identified as aiding the massive web attacks.

Hackers unleashed a complex attack through household devices like webcams and digital recorders, and cut access to some of the world's best known websites, such as Reddit, Twitter and Spotify.

Security experts said easy-to-guess default passwords, used on Xiongmai webcams, aided the hijacking.

The web attack enrolled thousands of 'smart' devices used to oversee homes and which can be controlled remotely.

In a statement, Hangzhou Xiongmai said hackers were able to take over the cameras because users had not changed the devices' default passwords.

But it rejected suggestions that its webcams made up the bulk of the devices used in the attacks.

"Security issues are a problem facing all mankind," it said. "Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too."

It has also pledged to improve the way it uses passwords on its products and will send customers a software patch to harden devices against attack.

The recall affects all the circuit boards and components made by Hangzhou Xiongmai that go into webcams. It is not clear how effective the recall will be in reducing the numbers of vulnerable devices hackers can call on to mount attacks.

Friday's cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple digital devices such as webcams.

These often lack proper security, and hackers found a way to harness millions of them to flood a target with so much traffic that it couldn't cope.

The smart devices are proving very popular with hackers who make their living by selling attack services or extorting cash by threatening firms with devastating attacks. The latest attacks reveal the possiblity that hackers can use the gadgets to spy and scoop up valuable data.

Many of the devices being targeted are hard to update and the passwords on some, according to one report, are hard-coded which means they cannot be changed.

- BBC / Reuters