(Bloomberg) — A Chinese security camera maker said its products were used to launch a cyber-attack that severed internet access for millions of users, highlighting the threat posed by the global proliferation of connected devices.
The attackers hijacked CCTV cameras made by Hangzhou Xiongmai Technology Co. using malware known as Mirai, the company said in an e-mailed statement. While Xiongmai didn’t say how many of its products had been infiltrated, all cameras made before September 2015 were potentially vulnerable.
The attack, which took down sites including Twitter, Spotify and CNN for long stretches, underscored how hackers can marshal an increasing number of online gadgets, collectively known as the Internet of Things, to disrupt the internet on an unprecedented scale.
“Mirai is a huge disaster for the Internet of Things. XM have to admit that our products also suffered from hacker’s break-in and illegal use,” Xiongmai said in its e-mail.
Millions of internet users lost access to some of the world’s most popular websites on Friday after hackers hammered servers along the U.S. East Coast with phony traffic until they crashed, then moved westward. The attackers hit Dyn Inc., a provider of Domain Name System services. Agencies including the U.S. Department of Homeland Security are investigating the outage but the perpetrators remain unknown.
Xiongmai said products made before September 2015 were vulnerable because they ran on older firmware, or software hard-wired into devices. The company urged users to update their firmware and change their default usernames and passwords.
Security professionals have anticipated an increase in attacks from malware that target connected gadgets. In Friday’s instance, hackers launched a distributed denial-of-service (DDoS) attack using tens of millions of malware-infected devices connected to the internet, according to Kyle York, Dyn’s chief strategy officer.
While DDoS attacks don’t steal anything, they create havoc across the Internet.