After Friday’s attack, XiongMai recalls millions of devices that use its tech

xiongmai technologies recall devices friday ddos attack ddosattack
Despite threatening many media outlets and experts with legal action for tarnishing its brand regarding last week’s massive DDoS attack, Chinese electronics firm XiongMai Technologies (XM) said on Monday that it will issue a recall of “millions of devices” that use its technology. The company also admitted that its products “suffered” due to hackers gaining access and using them illegally.

What is strange is that, according to the company, firmware was released in September 2015 to fix any security vulnerabilities. Products that shipped after that date should, by default, not be vulnerable to attacks, yet XiongMai was listed as one of the vendors whose products were used in Friday’s attack.

“Since [September 2015], XM has set the device default Telnet off to avoid the hackers to connect,” the company said. “In other words, this problem is absent at the moment for our devices after Sep 2015, as hackers cannot use the Telnet to access our devices.”

The company added that its products now require end-users to set the username and password when they first power up the device. This prevents hackers from using generalized usernames and passwords like “admin/admin” or “admin/password” that is typically set as default by the manufacturer when a device ships.

Last week’s attack brought down many popular services on the internet in the United States including Twitter, Spotify, Reddit, Amazon, and numerous others. This was accomplished by a large distributed denial of service (DDoS) attack, which essentially floods a website’s host with so much junk data that it is either inaccessible, or is knocked offline entirely. Friday’s attack targeted a major DNS host called Dyn, firing at the company from “tens of millions of IP addresses” simultaneously.

The attack was carried out by gaining access to a massive number of internet-connected devices that use the default username and passwords assigned by the manufacturers. Part of the attack used Marai, an open source malware that scans the internet for these unprotected devices, infects them, and then opens the door for the hacker to use the device for sending a flood of junk data to a target.

Many of the devices used in the DDoS attack, which hit Dyn in at least three waves, led back to XiongMai. The company manufactures and sells a wide variety of circuit boards for DVRs as well as camera modules for webcams. While the company provided firmware to fix the former security issue in 2015, older products shipped with XiongMai’s electronics may not have the update.

A recent report revealed many infected devices linking back to XiongMai still had the default login credentials of “xc3511/xc3511.” To make matters worse, even though device owners could change the username and password through a web-based administration panel, that combo is hardcoded in the device’s firmware. Unfortunately, the tools needed to disable this default combo are not available.


I tried an LTE laptop for a month, and I wasn’t really convinced

LTE laptops offer up plenty of benefits and are becoming more common. After spending one month with one in my daily life in New York City, I really wondered if it is something that consumers really need in their lives.
Smart Home

Man claims hacker talked to him through his Nest security camera

An Arizona man claims a white hat hacker was able to communicate with him through a hacked Nest Cam IQ internet-connected security camera and warn him about a vulnerability in the device.

Bosch is developing a Rosetta Stone for autonomous and connected cars

Bosch and start-up Veniam want to create a common language that autonomous and connected cars can use. The two firms have developed a connectivity unit that transcends the national boundaries of technology.

415,000 routers worldwide reportedly infected with cryptojacking malware

Even though there is a fix ready to prevent the threat of a cryptojacking malware discovered in Brazil earlier this year, the rapid growth of infection caused by the malware shows that not many users have installed the patch.

3DMark’s Port Royal lets you benchmark ray tracing on Nvidia’s RTX cards

UL is adding another benchmarking utility to its popular 3DMark suite to help gamers measure their graphics card's ray tracing performance. You'll soon be able to measure how Nvidia's RTX 2070, 2080, and 2080 Ti stack up.

Snatch Apple’s 2017 15-inch MacBook Pro for up to $1,200 off at B&H

The latest deal at B&H is offering up 2017 15-inch Apple MacBook Pros, in space gray and silver, with Intel Core i7 quad-core CPUs, 16GB of RAM, and AMD Radeon Pro 560 GPUs with up to 2TB of SSD storage.

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.

Apple Mac users should take a bite out of these awesome games

Contrary to popular belief, there exists a bevy of popular A-list games compatible for Mac computers. Take a look at our picks for the best Mac games available for Apple fans.
Emerging Tech

An A.I. cracks the internet’s squiggly letter bot test in 0.5 seconds

How do you prove that you’re a human when communicating on the internet? The answer used to be by solving a CAPTCHA puzzle. But maybe not for too much longer. Here is the reason why.

Qualcomm’s dual-screen PC concept looks like two connected Surface Go tablets

In Qualcomm's video teaser, we got a glimpse of the company's vision for how a dual-screen ARM PC should work. The internet reacted to Qualcomm's video, calling the device in question merely a mashup of two Surface Go tablets.

Check out the best Green Monday deals for those last-minute gifts

Black Friday and Cyber Monday have come and gone, but that doesn't mean you've missed your chance of finding a great deal. We're talking about Green Monday, of course, and it falls on December 10.

Hololens 2 could give the Always Connected PC a new, ‘aggressive’ form

Microsoft is said to be leaning on Qualcomm to power its Hololens 2 headset. Instead of Intel CPUs, the next Hololens could use a Snapdragon 850 processor, allowing it to benefit from the always-connected features.

Chrome’s dark mode may cast its shadow over Macs by early 2019

By early 2019 Google may release a version of Chrome for Mac users that offers a Dark Mode feature to match MacOS Mojave's recent darkening.

These laptop bags will keep your notebook secure wherever you go

Choosing the right laptop bag is no easy feat -- after all, no one likes to second-guess themselves. Here are some of the best laptop bags on the market, from backpacks to sleeves, so you can get it right the first time around.