Researchers have uncovered more information about the recent DynDNS attack.
XiongMai Technologies, a Chinese company which manufactures surveillance video camera components admitted that they were partly responsible for the attack.
Their devices were used to carry out this wave of DDOoS attacks. It has been determined that their products are vulnerable to the Mirai botnet malware.
It is a daring move that they did wherein which they have admitted their indirect involvement due to the fact that their devices were vulnerable and susceptible to the attacks.
Despite the possible effect on their credibility, unlike other manufacturers, they have openly admitted that the issue exists.
Their surveillance video camera component are vulnerable to the Mirai botnet malware, which in part had its participation on the DynDNS attack.
It is refreshing to see that a company face head on the issue instead of avoiding it.
They are not the only manufacturing company that was affected by the Mirai malware, but they are the first to admit their shortcomings.
During the DDoS attack, countless number of devices were used to orchestrate the DDoS to flood the DynDNS servers. Significant traffic came from security cameras and played a huge part in the grand scheme of things.
What is quite alarming is that XiongMai was already aware of the vulnerabilities since the end of 2015. Nevertheless, they have not patched it up sooner. There were weak spots that were exploited. Password changing of these devices was impossible which made it a wide open avenue for hackers to abuse and exploit.
After September 2015, their manufactured components no longer have this vulnerability, however, majority of their devices remain open wide for hacking.
They have advised their clients to upgrade to the latest firmware as soon as possible. It all would depend on when the clients would be able to do the said firmware upgrade.
As of the moment, it is still not determined which other manufacturers have been compromised and are having the same set of issues. It is not just surveillance cameras that are affected. It also includes computers and smartphones as part of the attack. Most of these are due to the fact that software designed for the said devices have not been updated. It is not just the manufacturers fault but partly can be attributed to the end users not doing their part and are partly responsible also.
They should rethink how firmware updates are done. These companies should have a way to force the updates as needed. For now, it is virtually impossible to do so and it highly remains on the end user to be responsible enough to do the manual update.
Product recall might be on its way with some of their devices.