China to recall up to 10,000 webcams after U.S. Hack

A hand is silhouetted in front of a computer screen in this picture illustration.

By Sijia Jiang

HONG KONG (Reuters) – A recall of webcams linked to a major cyber attack in the United States last week will involve up to 10,000 of the compromised devices, Chinese manufacturer Hangzhou Xiongmai Technology Co told Reuters on Tuesday.

Xiongmai said it would recall some surveillance cameras sold in the U.S. on Monday after security researchers identified they had been targeted in the attack, which rendered Twitter, Spotify and dozens of other major websites unavailable.

Friday’s cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple devices such as webcams which often lack proper security.

Hackers found a way to harness hundreds of thousands of them globally to flood a target with so much traffic that it couldn’t cope, cutting access to some of the world’s best known websites.

The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.

Liu Yuexin, Xiongmai’s marketing director, told Reuters the company would recall the first few batches of surveillance cameras made in 2014 that monitor rooms or shops for personal, rather than industrial, use.

Xiongmai had now fixed loopholes in earlier products, prompting users to change default passwords and having telnet access blocked, Liu said. He declined to give an exact number of vulnerable devices, but estimated it at less than 10,000.

Devices using the firm’s components in China and elsewhere were unlikely to suffer from similar attacks because they were more frequently used for industrial purposes and within more secure intranet networks, he added.

“The reason why there has been such a massive attack in the U.S. and (one) is not likely going to be in China is that most of our products in China are industrial devices used within a closed intranet only,” Liu said.

“Those in the U.S. are consumer devices exposed in the public domain,” he added.

Liu said surveillance cameras with core modules made by Xiongmai were widely used for banks, shops and housing estate surveillance in China. The firm is a “top three supplier” in China, he said, but declined to name specific clients.

Beyond the recall, Liu added the firm may take measures to enhance the safety of its products by migrating to safer operating systems and adding further encryption.

“Internet of Things (IoT) devices have been subject to cyber attacks because they are mostly based on the Linux open source system,” he said. “Our department had been looking to develop products based on other systems since 2015 and plan to do more in the future.”

(Editing by Adam Jourdan and Alexander Smith)