Company also threatens to sue accusers for slander

Oct 24, 2016 23:15 GMT

Hangzhou Xiongmai Technology has issued a statement after Flashpoint researchers pointed the finger at the company as the main source of insecure devices used in the recent DDoS attacks that took down a large chunk of the Internet this Friday and Saturday, on October 21 and 22.

The Chinese company, which sells several types of IP cameras, says it started a recall of some of its older products sold in the US that were manufactured before April 2015.

It also adds that, in April 2015, its engineers deployed a new firmware update that made exploitation of its devices by the Mirai malware impossible.

XiongMai threatens legal action against accusers

Through its statement, XiongMai wanted to make it clear that only devices made before that date, which users exposed online and for which they forgot to change the default password, could have been hijacked by the Mirai malware.

The company threatened legal action against anyone who attempted to pin the blame on its products for the Dyn incidents.

Following the Dyn DDoS attacks, a Flashpoint researcher told Brian Krebs that most of the devices involved in the DDoS were "a broad array of white-labeled DVR and IP camera electronics boards made by a Chinese company called XiongMai Technologies," which featured the username: root and password: xc3511.

Other vendors at fault, not just XiongMai

The Mirai malware contains a list of over 50 username and password combinations, hardcoded in its source code, which it will try against newly discovered IoT devices. These credentials belong to multiple hardware vendors such as Dahua, TVT, and others.

It may have been just a matter of coincidence that at the time of the attack there were more XiongMai devices available.

Dyn, Akamai, Flashpoint, and authorities are still investigating the DDoS attacks, which prevented US and some European users from accessing sites such as Twitter, Reddit, Yelp, Imgur, PayPal, Shopify, Soundcloud, Spotify, GitHub, Heroku, Etsy, and others.

"The main security problem is that users do not change the default password, this is the most vulnerable to easy to break through, so we once again remind users to change the password," the XiongMai statement warns.