Up to 10,000 webcams are to be recalled in the wake of a cyberattack that restricted access last week to some of the world's biggest websites, Chinese manufacturer Hangzhou Xiongmai Technology Co told Reuters on Tuesday.
The recall comes after a member of the U.S. Senate Intelligence committee requested three federal agencies for steps the government can take to prevent criminals from compromising electronic devices.
In a new type of attack last Friday, hackers used hundreds of thousands of webcams and other connected devices to conduct a denial of service attack against U.S.-based Internet infrastructure provider Dyn, crippling major websites such as PayPal, Spotify, and Twitter.
Hangzhou Xiongmai said it would recall some surveillance cameras sold in the United States after it was revealed they have been involved in the attack.
Liu Yuexin, Xiongmai's marketing director, said an fewer than 10,000 compromised devices are expected to be recalled. He said the company will recall the first few batches of surveillance cameras made in 2014 for personal, rather than industrial, use.
Xiongmai has now fixed loopholes in earlier products, prompting users to change default passwords and block access, Liu told Reuters.
The U.S. Department of Homeland Security (DHS) said it had discussed the attacks with 18 major communications service providers and is working on developing a new set of "strategic principles" for securing Internet-connected devices.
Authorities have yet to identify suspects in the attack, but U.S. National Intelligence Director James Clapper told the press on Tuesday that an early analysis did not point to a foreign government.
"The evidence that we have strongly suggests it is amateur, attention-motivated hackers," Allison Nixon, director of security research at cyber intelligence firm Flashpoint, told Reuters.
Nixon said a similar infrastructure was used on Friday in an unsuccessful attempt to disrupt Internet access to a major video game manufacturer, which she declined to identify.
"Nation states generally don't attack gaming companies," she said.
U.S. Senate intelligence committee member Senator Mark Warner, sent letters on Tuesday asking DHS, the Federal Communications Commission (FCC) and Federal Trade Commission if they have adequate tools to combat the threat posed by "bot net" armies of infected electronic devices.
"Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support," Warner said.
He asked FCC Chairman Tom Wheeler if telecom providers have authority to deny Internet access to devices they deem insecure.
Xiongmai devices are unlikely to suffer similar attacks in China and other countries, as they are typically used in more secure industrial networks, Liu said.
The company also eyes additional steps to improve security by migrating to safer operating and adding further encryption, Liu said.