Brian Krebs, who is one of the best reporters on security out there, has this great article about a recall of devices that incorporate Chinese technology.
He details how a large number of the devices used in last week’s massive DDoS attack on Twitter and DYN utilized products from XiongMai Technologies, and that those products had a hardcoded password that cannot be changed by the user and cannot be removed, making the devices super vulnerable. XiongMai’s products are widely used in cameras and DVRs made in China.
He also covers and translates some of the company’s actions and responses to the disclosure of this information, including threatened legal action against those who are reporting on it.