China’s Xiongmai Tech admits product flaws contributed to cyberattack on US sites

Chinese company Hangzhou Xiongmai Technology has admitted that its webcam and digital video recorder products were partially responsible for a cyberattack against several major internet sites last Friday, as experts called for stronger cybersecurity measures for Internet of Things (IoT) devices.

Dyn, a US-based internet infrastructure company, experienced a distributed denial of service (DDoS) on its server infrastructure on Friday when malicious traffic from multiple sources flooded its system, resulting in disruptions for internet companies such as Twitter, Spotify and Amazon Web Services.

The attack was in part due to a malware known as Mirai, which scours the internet for IoT devices – such as digital video recorders and webcams from Hangzhou Xiongmai Technology with weak default passwords and vulnerable code – and instructs the devices to direct traffic towards an online service until it crashes.

“We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” Kyle York, chief strategy officer for Dyn, said in a statement.

Hangzhou Xiongmai Technology called Mirai a “huge disaster for the Internet of Things” in an emailed statement to US-based IDG News Service.

“[We] have to admit that our products also suffered from [the] hacker’s break-in and illegal use,” it said.