Mirai is causing headaches not just for the website owners targeted by DDoS attacks but the companies making the devices roped into massive botnets.
Hanzhou XiongMai Technologies – one of the manufacturers whose internet facing products were compromised in a massive DDoS attack at the weekend – has issued a product recall in the United States.
XiongMai manufactures parts for surveillance cameras among other electronics but is set to recall all webcams according to a report by The Guardian. The firm also said that reports that its devices were responsible for a large portion of the malicious traffic sent to Dyn at the weekend were untrue.
The firm has said that the biggest problem with its devices was that users did not change the default password and that its products were well guarded from cyber attacks otherwise.
“Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too,” XiongMai said in a statement.
What XiongMai does not allude to however is the fact that they way Mirai operates makes it almost impossible for a user to change their credentials. Mirai communicates with its botnet via Telnet and SSH services. Simply put, if you were to open up the command prompt application on your Windows PC and type in your targeted Telnet address and use the default username and password you could get into the device without a backward glance.
Perhaps now that firms are having to recall products and fend off massive botnet accounts we can have a serious conversation about the security of the internet of things. We’ll be here unplugging our toasters, fridges and laptops in the meantime.
[Via – The Guardian]