Chinese company Hangzhou Xiongmai Technology Co Ltd pulled off the US market a series of products that security researchers claimed were part of the IoT botnet Denial of Service attacks on U.S. infrastructures last week.
As both the FBI and the Department of Homeland Security investigate the DDoS attack, the Chinese company recaled a series of webcams that allegedly had security vulnerabilities actively exploited by the Mirai botnet. The official statement claims the recall is to strengthen password functions and issue security patches for products released prior to April 2015.
“Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too,” said the company statement.
With the Mirai malware exploiting weak or no authentication credentials built into IoT devices, experts believe the denial of service attack was mostly comprised of smart internet-connected devices that were weak on security. Internet-enabled cameras are believed to have made up the bulk of the botnet used to attack U.S. infrastructures, following investigations from security experts.
The entire US product line of web cameras is being recalled by Hangzhou Xiongmai Technology Co Ltd, with the company stating a patch fixing affected version will be issued. Because millions of smart devices are believed to have been controlled and coordinated against the Dyn DNS provider, experts believe unsecure IoT devices can pose significant risk to any service provider.
Clocking at 1.2 Tbps, the IoT botnet is also believed to be up for rent on the Darknet, for $7,500 a week.