Xiongmai Recalls 10,000 Webcams Used in Massive DDoS Attack

Always change the default password.

IBM Think Academy/YouTube

Chinese webcam maker Xiongmai announced a U.S. recall of its webcams on Tuesday, after the devices were linked to a major cyber attack that hit internet servers last week. Nearly 10,000 devices are expected to be affected, in a move set to shadow the rollout of internet-connected appliances for years to come.

“Internet of Things (IoT) devices have been subject to cyber attacks because they are mostly based on the Linux open source system,” Liu Yuexin, marketing director at Xiongmai, told Reuters. “Our R&D department had been looking to develop products based on other systems since 2015, and plan to do more in the future.”

Xiongmai’s older webcams failed to make it clear to users that leaving the default password in place could have serious consequences. Attackers were able to access the devices and perform a distributed denial of service (DDoS) attack. The company claims it now prompts users to change their passwords.

IoT is hyped up as the next big thing in smart home technology. Internet appliances in daily life feed each other information, so the bathroom scales connect over Bluetooth and send updates to the Health app on your phone, or the thermostat changes depending on the weather report. But Xiongmai’s recall may put a damper on these plans, as the public questions whether the security risk is worth it.

IoT security is an area of increasing interest, but now has a sense of urgency about it. In March, DEFCON hacking convention founder Ted Harrington told Inverse that IoT security is only going to get worse before it gets better. The convention publicized an IoT Village drop-in, where device makers could test their security before unleashing it onto the world.

These devices are only going to get further ingrained. Connected self-driving cars could open up serious security risks, with Michigan already promising to lock up hackers that endanger lives. If Xiongmai’s recall shows anything, though, it’s that not all IoT security threats are apparent.