By Sijia Jiang
HONG KONG -- Up to 10,000 webcams will be recalled in the aftermath of a cyber attack that blocked access last week to some of the world's biggest websites, Chinese manufacturer Hangzhou Xiongmai Technology Co. told Reuters on Tuesday.
In Washington, a member of the U.S. Senate Intelligence committee asked three federal agencies what steps the government can take to prevent cyber criminals from compromising electronic devices.
Friday's internet outage alarmed security experts because it leveraged a new type of attack using simple webcams and other connected devices that often lack proper security.
Hackers harnessed hundreds of thousands of those devices globally to flood U.S.-based internet infrastructure provider Dyn with so much traffic that it could not cope, cutting access to major websites including PayPal, Spotify and Twitter.
The U.S. Department of Homeland Security (DHS) said it had discussed the attacks in a conference call with 18 major communications service providers and was working to develop a new set of "strategic principles" for securing internet-connected devices.
The intelligence committee member, U.S. Senator Mark Warner, a Democrat, sent letters asking DHS, the Federal Communications Commission (FCC) and Federal Trade Commission if they have adequate tools for combating the threat posed by "bot net" armies of infected electronic devices.
"Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support," Warner said.
He asked FCC Chairman Tom Wheeler if communications providers have authority to deny internet access to electronic devices they deem insecure.
Senators Angus King, an independent, and Martin Heinrich, a Democrat, who also serve on the committee, on Monday asked the Obama administration to create uniform policies across government seeking to secure U.S. networks by sharing any detected vulnerabilities with the private sector.
Xiongmai said it would recall some surveillance cameras sold in the United States after researchers identified they had been targeted in the attack.
Liu Yuexin, Xiongmai's marketing director, told Reuters the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal, rather than industrial, use.
Xiongmai had now fixed loopholes in earlier products, prompting users to change default passwords and block telnet access, Liu said.
He declined to give an exact number of vulnerable devices, but estimated it at fewer than 10,000.
Xiongmai devices were unlikely to suffer similar attacks in China and elsewhere outside the United States, where they are typically used in more secure industrial networks, Liu said.
"Most of our products in China are industrial devices used within a closed intranet only," Liu said. "Those in the U.S. are consumer devices exposed in the public domain."
Liu said surveillance cameras with Xiongmai core modules were widely used for surveillance at banks, shops and housing estates, where the firm was one of the top three suppliers.
He declined to identify specific clients.
Xiongmai may take further steps to beef up security by migrating to safer operating systems and adding further encryption, Liu said.