Last week, a DDoS attack targeting the DNS provider Dyn managed to disrupt access to many popular sites like Twitter, Amazon, and PayPal. It was discovered that many Internet of things devices like DVRs, cameras, and toasters were part of a botnet that was used in the attack. Some sources have pointed the finger at one hardware manufacturer in particular, the Chinese company Xiongmai.
Xiongmai has issued a statement acknowledging some security issues with its products and is issuing a recall on certain devices sold in the United States. The main products to be recalled are webcam models, according to the company. The company primarily sells circuit boards preloaded with software that are then used by third parties to build their own products. This may make the recall more complicated. Many owners may not even be aware that their devices contain Xiongmai hardware.
The company also stated that it will strengthen passwords and send a patch to improve the security of devices sold before April 2015. The company places most of the blame for the security weakness on users because they continue to use the factory default password. However, security firms have reported that at least some Xiongmai devices have hardcoded passwords and there is really no way to make them secure.
The company claims that its devices are well-protected from cyber security threats. It also pushes back on reports that machines containing its hardware were the majority of the devices used in the DDoS attack last week. The company claims those reports are false. Xiongmai also seems to suggest that its security issues are not a big deal because other companies have faced security issues as well. The statement reads, “Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too.”
Should manufacturers and vendors of Internet of things devices make them more secure against cyber threats? Leave your comments below.