It follows a product recall from the Chinese electronics firm Hangzhou after its web cameras were used in a massive web attack last week.
The attack knocked out sites such as Reddit, Twitter, PayPal and Spotify.
The Chinese government blamed customers for not changing their passwords.
Its legal warning was added to an online statement from the company Xiongmai, in which the firm said that it would recall products, mainly webcams, following the attack but denied that its devices made up the majority of the botnet used to launch it.
You will like Chinese products, or else.
(Score: 5, Interesting) by MrGuy on Thursday October 27 2016, @04:57PM
An alternative would be "We don't appreciate being singled out as the source of a widespread problem."
There are LOTS of IoT devices out there with really crap security. Check out Shodan [shodan.io] to see how many devices are out there broadcasting their presence. Quite a few of these items (from all sorts of manufacturers) are known to have bad security, so if you know how to compromise one, you know how to compromise all of them.
It's entirely possible the botnet for the recent attack was made up largely of compromised webcams of Chinese manufacture. It's also possible the botnet was from all over the spectrum of manufacturers, and the webcams that are getting all the press were one small piece of a very large pie. Maybe it's somewhere in between. Without seeing actual stats on which devices were involved, it's hard to know. I haven't seen anything other than anecdotes in the press - if someone has a link to some real breakdown data of the attack, I'd appreciate a link.
It's possible that journalists are accurately placing blame for the problem, and China is being unreasonable to take exception to being criticized.
It's also possible that journalists are jumping on the "Chinese devices are bad!" bandwagon with little evidence, because it sells (both because of fierce criticism in the US and elsewhere that China is exploitative in their trade practices, and shadowy ominous statements that maybe the government of China has deliberately compromised all devices made in the country).
(Score: 4, Informative) by edIII on Thursday October 27 2016, @06:06PM
You're correct about the widespread nature of the problem. Not just IoT or consumer devices, but industrial ones too. A major manufacturer of industrial wireless (gigabit wireless links for 20+ miles that are near $10k per pair) completely boned their security for the web interface. With the exploit you could literally walk right in and run code as root. So hackers created a worm and let it loose across the entire infrastructure (multiple, multiple WISPs). Any WISP that had public IPs found their entire network compromised within hours, and this worm was nasty. Not even designed to make a profit or anything, just to destroy the whole network.
A few months after that, I noticed Panasonic said fuck it and turned off the web interface on some new products entirely. You need to use a remote control (DECT phone) to physically press a button to open the web port back up for 30 minutes. SSH disabled by default. So perhaps somebody is finally learning.
I'd give the Chinese a bit of a break though too. The fuckups are globally distributed and exist beyond politics. Meaning, it's not politicians causing it, but greedy executives who refuse to pay for adequate security until something like this happens. So personally, I want to see China take a HUGE MASSIVE fucking hit over this. So big, that corporations around the world simply out of fear of lost profits start taking security just a little bit more seriously.
At this point I'm looking into SSH tunneling all web traffic from the devices. That way there is no open web port at all, and you need to get through well implemented SSH keys before you can establish a tunnel to hit a *local* port. Then run a cron job to randomize the SSH port every 12 hours and report it back to the network management platform. Of course that only works with devices you can get root on in the first place.
From a security standpoint, most devices are DOA and entirely dependent upon something at the network edge to defend them. Internally, they're like tasty sheep or chicken just hoping the foxes and wolves don't get inside.
Technically, lunchtime is at any moment. It's just a wave function.
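One way to build the arrangement the post above describes (device web UI reachable only through a key-authenticated SSH tunnel, sshd port rotated from cron and reported to the NMS), as an added example that is not the poster's code. It assumes OpenSSH on the device, the web UI bound to 127.0.0.1:80, and a hypothetical NMS endpoint in $NMS_URL that accepts a plain POST.

```shell
#!/bin/sh
# Added example, not from the thread. Rotate the sshd port, restrict sshd to
# key-only logins that may forward only to the local web UI, and print the
# client-side tunnel command. Run from cron: 0 */12 * * * /usr/local/sbin/rotate-ssh.sh rotate
PORT_MIN=20000
PORT_MAX=60000

# Pick a port in [PORT_MIN, PORT_MAX] from /dev/urandom ($RANDOM is not POSIX).
pick_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    echo $(( PORT_MIN + n % (PORT_MAX - PORT_MIN + 1) ))
}

# Reject non-numeric or out-of-range values before sshd_config is touched.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge "$PORT_MIN" ] && [ "$1" -le "$PORT_MAX" ]; then
        return 0
    fi
    return 1
}

# sshd_config: keys only, and the only thing a session may do is tunnel to 127.0.0.1:80.
render_sshd_config() {
    cat <<EOF
Port $1
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
AllowTcpForwarding local
PermitOpen 127.0.0.1:80
X11Forwarding no
AllowAgentForwarding no
EOF
}

# Operator side: the web UI appears on localhost:8080; the device has no public web port.
tunnel_command() {
    echo "ssh -i ~/.ssh/device_key -p $1 -N -L 8080:127.0.0.1:80 admin@$2"
}

rotate() {
    port=$(pick_port)
    valid_port "$port" || exit 1
    render_sshd_config "$port" > /etc/ssh/sshd_config.new
    sshd -t -f /etc/ssh/sshd_config.new || exit 1      # validate before swapping in
    mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
    # Record the new port in the NMS (hypothetical $NMS_URL) before restarting sshd,
    # so a failed report never leaves the device on a port nobody knows.
    curl -fsS -X POST --data "host=$(hostname)&ssh_port=$port" "$NMS_URL" || exit 1
    /etc/init.d/sshd restart
}

if [ "${1:-}" = rotate ]; then rotate; fi
```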
(Score: 0) by Anonymous Coward on Thursday October 27 2016, @10:07PM
My bloody Kogan TV does this.
Not buying another "smart" TV.