Finally, I see a company name attached to this Mirai botnet problem: Hangzhou Xiongmai Technologies, whose devices leave an essentially unprotected (and unprotectable) telnet server open.
http://qz.com/819391/a-collision-of-chinese-manufacturing-globalization-and-consumer-ignorance-could-ruin-the-internet-for-everyone/

The article mentions nothing about UPnP, though, so I'm still left wondering how the attack happened.

Another article notes Xiongmai's response, which includes a product recall:
http://www.welivesecurity.com/2016/10/24/webcam-firm-recalls-hackable-devices-mighty-mirai-botnet-attack/

And their IPC (IP camera) product specs do include UPnP, so presumably it's enabled by default and causing also-unsecure Netgear/DLink/Linksys defaults to leak their open TCP ports out onto the open Internet.

What will these router vendors' response be? And is it appropriate to begin a campaign to discontinue support for UPnP (by all products everywhere), as was done a few years ago for the non-secure wifi WEP auth protocol?

-rich

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
