IoT attack leads to massive recall, security concerns

A huge Distributed Denial of Service (DDoS) attack that brought down “half the Internet,” according to alarmist headlines, is being blamed in large part on Internet of Things (IoT) devices. And it’s leading to a big recall of vulnerable products. 

Hangzhou Xiongmai Technology, maker of several popular security cameras, has announced it will recall products due to the risk of them being hacked and used in DDoS attacks.

The main problem is that users often wouldn’t change the default passwords and usernames for the devices. That made the connected cameras easy to use by botnets. Although the manufacturer issued a patch in 2015 and is urging users of the devices to update their passwords, it has also decided to recall older devices in order to better secure them.

Default passwords must always be changed

No matter what, a default password should be changed immediately for any connected device. In some cases, this is obvious: If you’re hosting information or data on a device, you don’t want it to be hackable using default passwords or brute-force attempts.

But in addition, these all-but-unsecured devices could also be a vector for attacks that make the Internet in general less secure.

Make sure that it’s common practice to change passwords ASAP: Preferably as soon as or before they’re even connected to the network, if possible.