Trending: With its Elasticsearch distribution, Amazon Web Services sends more shockwaves through open-source software
A Hangzhou Xiongmai connected camera, which is often used in security systems. The company has not specified which cameras are under recall. Photo: Hangzhou Xiongmai Technology.

Details are beginning to emerge after Friday’s massive attack against DNS host Dyn, which intermittently shut down sites including Twitter, Amazon, Reddit, and Spotify over a period of eleven hours.

On Friday, a Dyn spokesperson said the company’s services had been attacked via tens of millions of IP addresses in what appeared to be a botnet attack known as Mirai, which uses unsecured or easily accessed Internet of Things devices to power DDOS attacks.

Since then, Chinese company Hangzhou Xiongmai has put out a recall for webcams that appear to have been used widely in the attacks, according to a report by the BBC. The company was pinpointed by security officials as providing much of the hardware used in the attack, and the company’s easy-to-crack default passwords may have made the devices easier for attackers to access.

Xiongmai told the BBC that it rejected the assertion that its devices made up the majority of those in the attack, pointing out that security is a concern for many industry leaders. The company also said that attackers were aided because users had not changed their default passwords, a common practice that creates security risks for IoT devices.

Xiongmai said it will send users a software patch to make existing devices more secure and upgrade its password functions.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Comments

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.