[UPDATED] Chinese manufacturer admits fault in massive cyber attack


Mirai has struck again, hacking IoT devices to take out major websites such as Twitter, Spotify, Amazon and Paypal. Chinese electronics manufacturer Hangzhou Xiongmai Technology has admitted its inadvertent role in the attack.

As reported by PACE earlier this month, the source code for malware dubbed ‘Mirai’ has been publicly released. Within two weeks of its release, Mirai was used to infect approximately 300,000 IoT devices. Merely days after this number was reported by PACE, the malware code was utilised in a massive DDoS attack on US internet provider Dyn, which caused interruptions and outages on major internet services.

According to media reports, millions of internet users were unable to access websites of major online companies such as Twitter, Spotify, Amazon, Paypal, Netflix, Reddit, Etsy and Github.

US media outlets including CNN, The Guardian, Wired, HBO and People also suffered due to the attack.

Outages were experienced across much of the US and some parts of Europe.

Last week, PACE reported that products from Xiongmai had been identified as vulnerable to Mirai. The company, a vendor of DVRs and internet-connected cameras, has since admitted its inadvertent role in this latest attack.

“Mirai is a huge disaster for the Internet of Things,” said Xiongmai in an email to IDG News Service.

“We have to admit that our products also suffered from hackers’ break-in and illegal use.”

According to the company, it patched flaws in its products in September 2015, and its products now prompt users to change the default password when used for the first time. However, products running older firmware are still vulnerable.

UPDATE: The manufacturer has initiated a recall of some of its older US models. The company is also in the process of strengthening password functions and sending users a patch for products made before April 2015. It has rejected suggestions that its web cameras made up the bulk of the devices targeted in the attacks. 

Other manufacturers such as Dahua and Sierra Wireless were also identified as having vulnerable products. Sierra Wireless sent its customers an email warning them to change their passwords.

According to security experts, Mirai tests for 62 “horribly insecure” default passwords, starting with “admin:admin”. Once it succeeds in logging in to the account, it attempts to kill and block anything running on ports 22, 23 and 80, and locks the user out of their own device.

It is recommended that users not only change their passwords from the default setting to something more secure, but also change the default SSID and network access passwords.
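
The infection pattern described above (a run of failed logins, a successful login, then the services on ports 22, 23 and 80 being killed) can be expressed as a simple detection rule for device owners. The following is an added example, not part of the original article; the event format, thresholds, device names and sample events are constructed assumptions.

```python
from collections import defaultdict

MGMT_PORTS = {22, 23, 80}  # ports the article says Mirai kills and blocks
MIN_FAILS = 3              # assumed threshold for a "run" of failed logins
WINDOW = 300               # assumed correlation window, in seconds

def likely_compromised(events, min_fails=MIN_FAILS, window=WINDOW):
    """Return devices that saw a failed-login burst from one source, then a
    successful login from that source, then all management ports going down."""
    fails = defaultdict(list)   # (device, source) -> failed-login timestamps
    breached = {}               # device -> time of the suspicious login
    closed = defaultdict(set)   # device -> management ports seen down afterwards
    for ts, device, kind, value in sorted(events, key=lambda e: e[0]):
        if kind == "login_fail":
            fails[(device, value)].append(ts)
        elif kind == "login_ok":
            recent = [t for t in fails[(device, value)] if ts - t <= window]
            if len(recent) >= min_fails:
                breached.setdefault(device, ts)
        elif kind == "port_down" and device in breached:
            if ts - breached[device] <= window and value in MGMT_PORTS:
                closed[device].add(value)
    return sorted(d for d in breached if closed[d] == MGMT_PORTS)

# Constructed sample events: (seconds, device, kind, source IP or port number)
EVENTS = [
    # dvr-01: login sweep succeeds, then SSH, telnet and web UI all disappear
    (0, "dvr-01", "login_fail", "203.0.113.7"),
    (2, "dvr-01", "login_fail", "203.0.113.7"),
    (4, "dvr-01", "login_fail", "203.0.113.7"),
    (6, "dvr-01", "login_ok", "203.0.113.7"),
    (9, "dvr-01", "port_down", 23),
    (9, "dvr-01", "port_down", 22),
    (10, "dvr-01", "port_down", 80),
    # cam-02: owner mistypes once, logs in, restarts only the web UI
    (20, "cam-02", "login_fail", "192.0.2.10"),
    (25, "cam-02", "login_ok", "192.0.2.10"),
    (40, "cam-02", "port_down", 80),
    # cam-03: default password already changed, so the sweep never succeeds
    (50, "cam-03", "login_fail", "203.0.113.7"),
    (52, "cam-03", "login_fail", "203.0.113.7"),
    (54, "cam-03", "login_fail", "203.0.113.7"),
]

if __name__ == "__main__":
    print(likely_compromised(EVENTS))
```

Only dvr-01 is flagged: cam-02 loses a single port after a normal login, and cam-03 is never logged in to because its default password was changed.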