dslreports logo
 story category
FTC Sues D-Link for Poorly Secured Routers, Cameras

The FTC has announced it has filed a lawsuit against hardware vendor D-Link, claiming the company consistently failed to take reasonable steps to protect its routers and internet-linked security cameras from hackers. According to the FTC announcement, an FTC inquiry found that while D-Link PR material consistently claimed the highest security standards, little to nothing was done by the company to eliminate a number of "well-known and easily preventable security flaws," such as:

Click for full size
• "Hard-coded" login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed.

• A software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet.

• The mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and

• Leaving users' login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.

"Hackers are increasingly targeting consumer routers and IP cameras -- and the consequences for consumers can include device compromise and exposure of their sensitive personal information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true."

The FTC's announcement comes on the heels of a settlement with Asus earlier this year regarding that company's similarly-lax security standards. The full FTC announcement has additional detail. There's also some additional conversation ongoing in our security forum.

Most recommended from 16 comments


FactChecker
Premium Member
join:2008-06-03

1 edit

7 recommendations

FactChecker

Premium Member

Consumer Electronics Accountability

Until the consumer electronics industry is held accountable for device hacking, this will get worse with cheap and insecure IoT.
existenz
join:2014-02-12

2 recommendations

existenz

Member

Will anti-virus companies managing routers become the future?

»www.pcmag.com/news/35084 ··· i-router
quote:
The Arris Surfboard SBG7580-AC is the first device to come embedded with the McAfee Secure Home Platform. It's protection that's nearly identical to the McAfee security software you might have installed on your desktop or laptop, except it extends to every device on your home network. If your baby monitor is hijacked by a botnet, for instance, the router will sense the suspicious traffic and suspend its Internet access.

Might be somewhat better for non-upgradable IoT devices and clueless consumers.