No single company was deemed responsible for all those vulnerable machines. Indeed, after the source code for their malware was released, investigative reporter Brian Krebs was able to list a host of camera manufacturers whose machines were targeted.
Their mistake was one all too common in the IoT world: they used default passwords that were either previously-known or easily-guessable. Mirai would scan the internet for those machines and attempt to break in with those credentials.
But one researcher, Flashpoint’s Zachary Wikholm, today claimed to have found a single Chinese firm, Hangzhou XiongMai Technologies (XM), that shipped flawed code allowing the perpetrators to potentially amass nearly half a million bots for their malicious network.
Whilst other manufacturers, like China’s Dahua, saw their kit compromised, Wikholm believes XM tech was compromised far more. “Flashpoint’s analysis on the attack data shows … a very large percentage of these IPs involved in the DDoS attacks were hosting XiongMai Technologies-based products,” he wrote in a blog post today.
XM creates software running on its own and partner manufacturers’ cameras and DVRs, according to Wikholm. He discovered two significant weaknesses in XM software. First, the company had added default passwords for connections over Telnet, accessible to any hacker on the planet. And, said Wikholm, those passwords were widely known and easy to find with some Google searches.
Source - Forbes
0 comments:
Post a Comment