Chinese Company Xiongmai Threatens Legal Action Against Western Accusers

By: Brian Karas, Published on Oct 24, 2016

The Chinese video surveillance manufacturer, Xiongmai, whose equipment numerous sources blame for driving massive Internet attacks over the past month has fired back, defending itself against allegations. Moreover, they have involved the Chinese government's Ministry of Justice threatening legal action against those defaming them.

'Allegations'

Various publications have cited Xiongmai's products as being used in these cyber attacks.

Cybersecurity journalist Brian Krebs, one of the first Mirai victims, called out Xiongmai:

These products from XiongMai ... will remain a danger to others unless and until they are completely unplugged from the Internet.

Security research firm Flashpoint linked [link no longer available] XiongMai to the Mirai botnets:

a very large percentage of these IP involved in the DDoS attacks were hosting XiongMai Technologies-based products.

ComputerWorld claims that XiongMai has taken direct responsibility:

Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame.

Xiongmai Threat

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

However, XiongMai is now fighting back. Working with the Chinese Ministry of Justice, they are attacking 'false statements' and threatening legal action in a Oct 24 social media posting.

[Update Oct 25: Xiongmai has added the same report to their Chinese language website.]

Xiongmai / Ministry of Justice denied responsibility:

XiongMai's products for embedded closed system, the product can not be manipulated by criminals.

Xiongmai / Ministry of Justice blamed users:

The event hackers control products is the use of users do not change the initial password accustomed to the operation

Finally, they threatened legal action against those who 'falsely' claim they are fault:

Organizations or individuals false statements, defame our goodwill behavior ... through legal channels to pursue full legal responsibility for all violations of people, to pursue our legal rights are reserved.

Why XiongMai Is Widely Unknown Even Within the Industry

Xiongmai does not sell nor market under its own brand. Rather, it OEMs / supplies to hundreds of 'manufacturers' / companies who incorporate their components / modules into their own products.

However, Xiongmai is one of the largest suppliers in the global video surveillance market. Sources within the China video surveillance industry indicate that, via their OEMs / customers, they are the 3rd largest video surveillance provider, behind Hikvision and Dahua.

Dahua Involvement

Dahua, the #2 China video surveillance manufacturer, has been at the center of the Mirai botnet attacks as well, and while they have not threatened legal action, they have also been defensive. Brian Kreb's called Dahua duplicituous and our analysis found that Dahua was deceitful in their response.

Hikvision Not Involved

The largest China video surveillance manufacturer, Chinese government owned Hikvision, has not been accused of being involved in the Mirai botnet attacks, which is certainly very good news for them, considering their leading Chinese rivals have been. Of course, Hikvision products suffered major hacking attacks in 2015.

Legal Threat Impact Very Low

We believe Xiongmai has issued this announcement as a PR effort within China, to help counter criticisms they are facing. We do not believe that Xiongmai or the Ministry of Justice is seriously going to sue any Western companies as this is a typical tactic to save face.

Chinese Video Surveillance Market Impact

Over the past 5 years, Chinese video surveillance manufacturer's share of the global video surveillance market has surged. Between the security flaws of products from Xiongmai and Dahua and Hikvision being owned by the Chinese government, this has created extreme concerns about the impact of Chinese video surveillance products.

9 reports cite this report:

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
Unfixed Critical Vulnerability In Millions of XiongMai Devices Disclosed on Oct 10, 2018
XiongMai, one of the biggest OEMs alongside Dahua and Hikvision, has suffered...
Xiongmai New Critical Vulnerability - Same Manufacturer Whose Products Drove Mirai Botnet Attacks on Dec 12, 2017
The Chinese manufacturer whose products were primarily responsible for...
Forgotten Password Problem Importance (Statistics) on Sep 15, 2017
Forgotten passwords has become a major industry topic. For example,...
ISC West 2017 Best and Worst on Apr 10, 2017
IPVM went to Las Vegas, examining what vendors are showcasing and what is...
Top ISC West 2017 Booth Moves on Jan 16, 2017
There are significant moves among many major manufacturers on the ISC West...
XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive...
Hackers Battle For 3 Million Strong Mirai Botnet on Nov 28, 2016
Mirai-infected devices have become so large and so prevalent that multiple...
Now Knocking A Country Offline - The Video Surveillance Driven Botnet Wreaks Havok on Nov 03, 2016
The video surveillance driven botnet is now attacking an entire country. The...
Comments (35) : Members only. Login. or Join.

Related Reports

China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the...
PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems,...
US Passes Uyghur Human Rights Law Condemning Mass Surveillance on Jun 18, 2020
The US government has passed the Uyghur Human Rights Policy Act of 2020,...
"He Is An Idiot!" Exclaims SIA Director John Mack on Mar 23, 2020
Here is another inside look into the "leaders" of the security industry. SIA...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM...
Amazon, Microsoft and IBM Abandoning Face Recognition Is An "Irresponsible PR Stunt" Says AnyVision on Jul 17, 2020
In the wake of national protests against US police abuses, big tech firms...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
Hikvision AI Training In Xinjiang Paramilitary Base, Now Denies on Mar 10, 2020
Hikvision has been listing AI training in a Xinjiang paramilitary base that...
Faked Coronavirus Fever Detection, Athena Used Hikvision; Responds - Selling NDAA Compliant Cameras, Pledging 50% Of Profits to Victims on Mar 24, 2020
US company, Athena Security, faked its coronavirus fever detection marketing,...
Hikvision Hides Xinjiang R&D Activities on Apr 22, 2020
Hikvision has systematically deleted evidence showing their R&D base and...
Hikvision Chairman Targeted For Sanctions As Federal Watchdog Calls Out Hikvision "Serious Religious Freedom Violations" on May 21, 2020
The US government's religious freedom watchdog has criticized Hikvision for...
Netposa Stock Surges 46% After US Human Rights Abuse Sanctions on May 27, 2020
Last Friday, the US government announced it would sanction PRC video...
Wrong Dahua Australia Medical Device Approved on Jul 20, 2020
Dahua's body temperature system is now in Australia's medical device...
Coronavirus Hits Manufacturers, Standing Now, Worse To Come on Apr 06, 2020
Coronavirus is hitting security manufacturers, though overall modestly for...
Hikvision Put on US DoD "Communist Chinese Military Companies" List, Faces Risk of Presidential Sanctions on Jun 26, 2020
The US DoD has put Hikvision on a list of "Communist Chinese Military...

Recent Reports

Indian Government Restricts PRC Manufacturers From Public Projects on Aug 04, 2020
In a move that mirrors the U.S. government’s ban on Dahua and Hikvision...
Directory of 199 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Loses Australian Medical Device Approval on Aug 04, 2020
Dahua has cancelled its medical device registration after "discussions" with...
Google Invests in ADT, ADT Stock Soars on Aug 03, 2020
Google has announced a $450 million investment in the Florida-based security...
US Startup Fever Inspect Examined on Aug 03, 2020
Undoubtedly late to fever cameras, this US company, Fever Inspect, led by a...
Motorola Solutions Acquires Pelco on Aug 03, 2020
Motorola Solutions has acquired Pelco, pledging to bring blue back and make...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Access Control Online Show July 2020 - On-Demand Recording of 45+ Manufacturers Presentations on Jul 30, 2020
The show featured 48 Access Control presentations, all now recorded and...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...
Ink Labs Relabels China YCX Fever Camera And Steals Dahua's Marketing on Jul 30, 2020
A US company marketed a 'thermal temperature scanner' as its own, selling...
Genetec and Dahua-Backed Intelbras Split Examined on Jul 29, 2020
China is the cause of the breakup between Canada's and Brazil's largest video...
This YouTuber is Now Selling ThermoHealth Temperature Screening on Jul 29, 2020
An enterprising 20-year old is mass marketing medical devices on Facebook and...