We've heard a lot about the cyber attacks that took down several popular websites such as Reddit, Twitter, Spotify and more. A report claims the attackers made use of home electronics and other devices to pull off one of the largest hacks on the internet, and that has pushed a manufacturer to recall products.
We understand Chinese electronic company Hangzhou Xiongmai issued a recall soon after it was revealed its cameras and DVRs were some of the devices that aided in the hacks. We understand Xiongmai webcams had weak default passwords, and as such, attackers took advantage of it.
Security researchers have claimed that a malware known as Mirai was used to infect devices with weak passwords, which in turn allows attackers to hit the web with one of the most significant hacks in history.
"Mirai is a huge disaster for the Internet of Things," Xiongmai said in an email to IDG News Service. "[We] have to admit that our products also suffered from hacker's break-in and illegal use."
Mirai is an interesting malware because it works by connecting internet of things devices in a slave-like manner on a single network. Attackers then use all devices to overload website servers, ultimately bringing them offline. It's a neat trick but one that can be dangerous as well if hardware companies do not implement strong default passwords and other security measures such as firewalls.
PC World reports that Mirai managed to spread to nearly 500,000 devices connected to the web. That's quite a lot, and it goes to show how many of our internet-centric devices are lacking support across the board.
In a statement, Xiongmai says it patched flaws in its devices back in 2015. After the patch, all its internet-related hardware should now ask users to create a new password. Now, we're not sure if this is mandatory or if users will have the option to bypass and continue using the default.
Could This Happen Again In The Future?
Chances are it will. We've seen time and time again how folks use weak passwords on the web, so we can assume they will also use weak passwords to secure their internet-centric hardware. Furthermore, since IoT devices are becoming the norm, hackers will have millions of options at their fingertips.
Can The Attacks Be Stopped?
This won't be an easy task, so we'll go with no, or better yet, not at this time. You see, many IoT devices cannot be updated quickly, so when there's a problem, users will just have to live with it or seek out a better option. Expense and time will see many folks sticking to the old instead of investing in the new.
The best option right now is to protect devices with stronger passwords to limit the scale of future attacks.