D-Link Taken To Court By Feds Because Of Insecure Gear

Owners of D-Link hardware, specifically wireless routers and Internet cameras may want to pay attention to this story. The FTC in the United States Of America is taking D-Link to court because that gear is according to them REALLY insecure:

The FTC, in a complaint filed in the Northern District of California charged that “D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.”

Specifically, D-Link is being accused of using “Hard-coded” login credentials, having “command injection” flaws in their products that allow remote pwnage of their products, not handling private keys codes properly, and finally leaving user credentials in plain text in their apps.

None of this is trivial stuff.

Here’s D-Link’s response to all of this:

For its part, D-Link Systems said it “is aware of the complaint filed by the FTC. D-Link denies the allegations outlined in the complaint and is taking steps to defend the action. The security of our products and protection of our customers private data is always our top priority.”  [Update: A full response fromD-Link can be found here]

Here’s the thing. If the FTC goes after a company, they usually have the evidence to back up whatever claim they are making. After all, in November, DHS put out a warning about some of their routers. They did fix them, but that took them over a month to get done. I can think of other examples, but I won’t bore you with the details. In any case, D-Link may want to figure out how to mitigate the bad press that this news will create and the severe slap that the FTC is likely to hand out when they win in court. Likely by settling out of court and addressing these issues.

I should note that the FTC has also gone after ASUS and TRENDnet for similar issues. Thus if you make IoT gear, you should make sure that your security is on point. Otherwise the feds will be at your door step.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: