Chinese firm acknowledges inadvertent role in cyberattack | CNNMoney

Hardware and software from the Chinese supplier XiongMai Technologies were exploited to create the massive Mirai botnet, according to an analysis by the firm Flashpoint. (Pictured: DVR board sold by XiongMai)

In-brief: the Chinese firm whose software powers many of the devices taking part in the Mirai Internet of Things botnet acknowledged some responsibility for the incident. 

CNNMoney has an interesting story on the Chinese hardware and software vendor XiongMai Technologies, whose technology is used by a wide range of IP-enabled cameras and digital video recorders.

Devices running XiongMai software, which contain hard-coded administrator accounts that cannot be disabled as well as an authentication bypass vulnerability, are the foundation of the Mirai botnet. You can read more about XiongMai in our story “Shoddy Supply Chain lurks behind Mirai Botnet.”


In an email message to CNNMoney, company representative Cooper Wang called Mirai “a huge disaster for the ‘Internet of Things,’” and admitted that his company’s software was partially to blame. “[We] have to admit that our products also suffered from hackers’ break-in and illegal use,” Wang said.

XiongMai says components made after September 2015 no longer have this susceptibility and users should update the firmware of products sold before that date.

As we’ve noted, the use of default credentials is a common feature of many different Internet-connected devices. Often device makers fail to prompt (let alone require) customers to update those credentials upon activating and configuring a new device, meaning the credentials are still in place after a device is deployed and Internet-accessible.

In August 2015, for example, DSL routers sold under the ASUS, DIGICOM, Observa Telecom and Philippine Long Distance Telephone (PLDT) brands were found to run firmware that contained a hard-coded password allowing an attacker who can remotely connect to the devices to log in with administrator credentials, according to Carnegie Mellon’s CERT.

Source: Chinese firm acknowledges inadvertent role in cyberattack | CNN Money
