Skip to main content
  1. Home
  2. Computing
  3. News

After Friday’s attack, XiongMai recalls millions of devices that use its tech

By

xiongmai technologies recall devices friday ddos attack ddosattack
Image used with permission by copyright holder
Despite threatening many media outlets and experts with legal action for tarnishing its brand regarding last week’s massive DDoS attack, Chinese electronics firm XiongMai Technologies (XM) said on Monday that it will issue a recall of “millions of devices” that use its technology. The company also admitted that its products “suffered” due to hackers gaining access and using them illegally.

What is strange is that, according to the company, firmware was released in September 2015 to fix any security vulnerabilities. Products that shipped after that date should, by default, not be vulnerable to attacks, yet XiongMai was listed as one of the vendors whose products were used in Friday’s attack.

Recommended Videos

“Since [September 2015], XM has set the device default Telnet off to avoid the hackers to connect,” the company said. “In other words, this problem is absent at the moment for our devices after Sep 2015, as hackers cannot use the Telnet to access our devices.”

The company added that its products now require end-users to set the username and password when they first power up the device. This prevents hackers from using generalized usernames and passwords like “admin/admin” or “admin/password” that is typically set as default by the manufacturer when a device ships.

Last week’s attack brought down many popular services on the internet in the United States including Twitter, Spotify, Reddit, Amazon, and numerous others. This was accomplished by a large distributed denial of service (DDoS) attack, which essentially floods a website’s host with so much junk data that it is either inaccessible, or is knocked offline entirely. Friday’s attack targeted a major DNS host called Dyn, firing at the company from “tens of millions of IP addresses” simultaneously.

The attack was carried out by gaining access to a massive number of internet-connected devices that use the default username and passwords assigned by the manufacturers. Part of the attack used Marai, an open source malware that scans the internet for these unprotected devices, infects them, and then opens the door for the hacker to use the device for sending a flood of junk data to a target.

Many of the devices used in the DDoS attack, which hit Dyn in at least three waves, led back to XiongMai. The company manufactures and sells a wide variety of circuit boards for DVRs as well as camera modules for webcams. While the company provided firmware to fix the former security issue in 2015, older products shipped with XiongMai’s electronics may not have the update.

A recent report revealed many infected devices linking back to XiongMai still had the default login credentials of “xc3511/xc3511.” To make matters worse, even though device owners could change the username and password through a web-based administration panel, that combo is hardcoded in the device’s firmware. Unfortunately, the tools needed to disable this default combo are not available.

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This Lenovo ThinkPad is almost $1,800 off today!
A press photo of the ThinkPad X1 Carbon Gen 11.

One of the best laptops for a busy computer-heavy workplace is the Lenovo ThinkPad. For years, this tried and true laptop and 2-in-1 has delivered a fast and reliable Windows experience to many a 9 to 5 go-getter. Processor speed and power evolve year over year, and new features are added to these laptops all the time. This also means you’ll be able to find discounts on older machines, which is precisely what we came across while scouring through Lenovo ThinkPad deals:

Right now, as part of Lenovo’s doorbuster sale, you’ll save $1,800 on the purchase of a brand-new Lenovo ThinkPad X1 Carbon Gen 11 when you order through Lenovo.

Read more
Runway brings precise camera controls to AI videos
Gen-3 alpha advanced camera controls

Content creators will have more control over the look and feel of their AI-generated videos thanks to a new feature set coming to Runway's Gen-3 Alpha model.

Advanced Camera Control is rolling out on Gen-3 Alpha Turbo starting today, the company announced via a post on X (formerly Twitter).

Read more
Score the Dell XPS 15 for less than $1,000 during this sale
Dell XPS 15 9520 front view showing display and keyboard deck.

If you’ve been looking for laptop deals but feel disappointed with the results of your research, we know the pain. Searching for a new PC can take months, especially if you’ve got the time and energy to vet through numerous brands and models. Fortunately, there are a few tried and true PC names, one of which happens to be Dell. We see Dell laptop deals pretty regularly, but this one stopped us in our tracks:

Right now, when you order the Dell XPS 15 Laptop through the manufacturer, you’ll save $300. At full price, this model sells for $1,300.

Read more