Chinese Company Xiongmai Threatens Legal Action Against Western Accusers

Author: Brian Karas, Published on Oct 24, 2016

The Chinese video surveillance manufacturer, Xiongmai, whose equipment numerous sources blame for driving massive Internet attacks over the past month has fired back, defending itself against allegations. Moreover, they have involved the Chinese government's Ministry of Justice threatening legal action against those defaming them.

'Allegations'

Various publications have cited Xiongmai's products as being used in these cyber attacks.

Cybersecurity journalist Brian Krebs, one of the first Mirai victims, called out Xiongmai:

These products from XiongMai ... will remain a danger to others unless and until they are completely unplugged from the Internet.

Security research firm Flashpoint linked XiongMai to the Mirai botnets:

a very large percentage of these IP involved in the DDoS attacks were hosting XiongMai Technologies-based products.

ComputerWorld claims that XiongMai has taken direct responsibility:

Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.

Xiongmai Threat

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

However, XiongMai is now fighting back. Working with the Chinese Ministry of Justice, they are attacking 'false statements' and threatening legal action in a Oct 24 social media posting.

[Update Oct 25: Xiongmai has added the same report to their Chinese language website.]

Xiongmai / Ministry of Justice denied responsibility:

XiongMai's products for embedded closed system, the product can not be manipulated by criminals.

Xiongmai / Ministry of Justice blamed users:

The event hackers control products is the use of users do not change the initial password accustomed to the operation

Finally, they threatened legal action against those who 'falsely' claim they are fault:

Organizations or individuals false statements, defame our goodwill behavior ... through legal channels to pursue full legal responsibility for all violations of people, to pursue our legal rights are reserved.

Why XiongMai Is Widely Unknown Even Within the Industry

Xiongmai does not sell nor market under its own brand. Rather, it OEMs / supplies to hundreds of 'manufacturers' / companies who incorporate their components / modules into their own products.

However, Xiongmai is one of the largest suppliers in the global video surveillance market. Sources within the China video surveillance industry indicate that, via their OEMs / customers, they are the 3rd largest video surveillance provider, behind Hikvision and Dahua.

Dahua Involvement

Dahua, the #2 China video surveillance manufacturer, has been at the center of the Mirai botnet attacks as well, and while they have not threatened legal action, they have also been defensive. Brian Kreb's called Dahua duplicituous and our analysis found that Dahua was deceitful in their response.

Hikvision Not Involved

The largest China video surveillance manufacturer, Chinese government owned Hikvision, has not been accused of being involved in the Mirai botnet attacks, which is certainly very good news for them, considering their leading Chinese rivals have been. Of course, Hikvision products suffered major hacking attacks in 2015.

Legal Threat Impact Very Low

We believe Xiongmai has issued this announcement as a PR effort within China, to help counter criticisms they are facing. We do not believe that Xiongmai or the Ministry of Justice is seriously going to sue any Western companies as this is a typical tactic to save face.

Chinese Video Surveillance Market Impact

Over the past 5 years, Chinese video surveillance manufacturer's share of the global video surveillance market has surged. Between the security flaws of products from Xiongmai and Dahua and Hikvision being owned by the Chinese government, this has created extreme concerns about the impact of Chinese video surveillance products.

Comments (36): PRO Members only. Login. or Join.

Related Reports

XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...
Hikvision Cloud Security Vulnerability Uncovered on Dec 05, 2016
A security researcher uncovered a critical vulnerability in Hikvision's global cloud servers. This vulnerability allowed an attacker to remotely...
Hikvision CEO Declares 'We Do Not Cut Rates" on Dec 02, 2016
Hikvision has led another press trip to China, and this time Hikvision's CEO is sharing insights into their competitive strategy, including...
Hikvision Removed From US Embassy on Nov 22, 2016
Hikvision cameras have been removed from the US Embassy Afghanistan and a procurement for more Hikvision cameras has been cancelled, after IPVM's...
Longse vs Dahua and Hikvision Tested on Nov 16, 2016
For many, even $100 cameras are too expensive. That is where spam king Longse comes in with their relentless offer of ~$20 cameras. In our past...
Avigilon Stock Surges 40% On Strong Growth (Q3 2016) on Nov 15, 2016
The roller coaster continues. After a brutal Q2 heading down, Avigilon's Q3 growth is strongly up. Inside this note, we examine what powered...
Hikvision 'Phone Home' Raises Security Fears on Nov 10, 2016
The escalating attention towards Hikvision's China government ownership and Genetec's removal of Hikvision due to cyber security concerns has...
Genetec Expels Hikvision on Nov 08, 2016
Genetec has removed support for Hikvision devices, deeming them 'untrustworthy', citing customer concerns about Chinese government ownership /...
'Legal Protection' From Eagle Eye Contract Vault Examined on Nov 02, 2016
"I was promised the high-end model for the entry level price." "Nobody said there would be a monthly service fee when I signed...
Genetec: Gutting of Mid and Low End Players Coming on Nov 01, 2016
Things are getting ugly. Genetec is predicting that mid-tier VMSes have limited days ahead, and that they will lose their market share to low-cost...

Most Recent Industry Reports

Knightscope - $122,509 Revenue, $2.5 Million Loss Seeks $20 Million Investment on Dec 09, 2016
The robot that ran over a child, Knightscope, wants money and they need it. Investors can invest as little as $1,000 to participate and...
'Solution' Manufacturers Threaten Integrators on Dec 09, 2016
The race to the bottom has driven manufacturers to become 'solution' providers, threatening integrators. Axis shift to 'solution' sales might be...
The Russian SMP Security Robot on Dec 08, 2016
A Russian manufacturer, SMP, has a commercially available outdoor security robot, at a lower price and with much less marketing than their main...
How Hikvision Beats Its OEMs on Dec 08, 2016
Hikvision GM declared that they are not aggressive with their competitors. But some of their own OEM partners disagree. Inside, we reveal a key...
Dahua Discontinuing H.264 Only Products on Dec 08, 2016
Dahua has taken a stand for H.265 and is discontinuing its H.264 only products. We examine the shakeup inside this...
IP Networking Course January 2017 on Dec 08, 2016
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Hikvision vs Dahua Mobile Apps Tested on Dec 07, 2016
With smartphone use and low-cost video recorders surging, many user's main interface to their surveillance system is their phone. With mobile video...
Paxton Drops US Reps, Plans Major Expansion on Dec 07, 2016
Paxton is gearing up to make a big run at  US access control success. The first step they have made is to cut all US Rep Firms, in anticipation of...
Axis Partner Elder Care Video Analytics (Smartervision) on Dec 07, 2016
Can video analytics be used to improve the care of the elderly? Axis and a video analytics startup, Smartervision, are working together to do so....
Sony IP Camera Backdoor Uncovered on Dec 06, 2016
A backdoor has been uncovered in ~80 Sony IP camera models, attackers can remotely enable telnet on the camera, and then potentially login as root,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact