Chinese manufacturer recalls devices used at Dyn-ddos

Chinese company Xiongmai is recalling certain products it sells in the US. The company makes parts of webcams, which were used in the recent DDoS attacks on DNS provider Dyn.

Reuters news agency reports that the company is announcing a recall of some of its products, improving passwords and releasing patches for devices manufactured before April 2015. It is unclear which products the company is recalling exactly, the coverage only speaks of webcams.

According to Xiongmai, the biggest problem is that users don’t change the default passwords of his devices. ComputerWorld writes that the manufacturer now asks users to change the default password when using devices. The company also released a security update in September 2015. However, devices that do not have the new firmware are still vulnerable. Previous criticisms of the devices centered on the lack of an option to change the pre-programmed password.

Several security companies recently reported that the ddos ​​attack on dns provider Dyn was carried out by the Mirai botnet. This consists of about half a million Internet-of-things devices infected with malware, which have no or poor security. On Friday, Dyn was the target of large-scale DDOs attacks, rendering popular sites such as Reddit, Twitter and GitHub inaccessible. A first attack targeted data centers on the US East Coast, a second targeted data centers around the world. About twenty percent of the Mirai botnet is said to have been deployed during the attack on Dyn. Xiongmai disputes that his webcams make up the bulk of the devices used in the attack.

The Mirai botnet has previously been used to shut down journalist Brian Krebs’ site. In the days that followed, a person disclosed the source code of malware used to infect IoT devices and include them in the botnet.