Webcams recalled after ‘Internet of Things’ security hack
Brave new world?
As science fiction becomes science fact and the ‘Internet of Things’ promises us a joined-up world in which we can control our electronic appliances from wherever we happen to be, it seems we’re also creating more opportunities for hardened hackers to attack us.
Which is why Chinese surveillance electronics firm Hangzhou Xiongmai Technology recently had to recall a batch of webcams after hackers exploited the devices’ security vulnerabilities, causing widespread outages across some high-profile websites.
During the outages, visitors to sites and services including Netflix, Spotify, Twitter, Airbnb and Reddit found themselves confronted with loading screens or total outages following what security researchers are calling a ‘massive and sustained attack’ via video recorders, CCTV video cameras and other connected products.
Malware and botnets
The attack used a sophisticated strain of malware – Mirai – which trawls the internet for devices that haven’t changed their default passwords and usernames. It then assumes control of the device and bombards targets with junk traffic until they stop working. This impromptu battalion of infected devices – otherwise known as a botnet – attacked the servers of internet infrastructure provider Dyn which resulted in the outage.
It’s thought that around 50,000 webcams were co-opted for the attack. The source code for the malicious software was posted on hacker site ‘Hackerforums’ last year, making it freely available for anyone looking to launch another similar attack.
Xiongmai rejected suggestions that its webcams made up the bulk of the devices used in the attacks, though it has promised to improve the way it uses passwords on its products and will send customers a software patch to harden devices against attack.
Because devices like cameras, DVRs and other gadgets are less secure – and therefore more vulnerable – than PCs, it’s easier for hackers to hijack them. Many of these devices are difficult to update; some are hard-coded which means they can’t be changed.
Even if recalls and updates are successful, there are still likely to remain plenty of unpatched devices for unscrupulous hackers to exploit. Some industry bodies are trying to draw up standards to improve security but in the meantime there are millions of insecure devices already installed and working.
Time to review your internet security? Maybe!
Bank of Cardiff is the nation’s premier small-business direct lender. Bank of Cardiff offers direct funding to small business owners, making working capital loans, small business lines of credit, equipment financing & equipment leasing to all 50 states.