«
»

D-Link Taken To Court By Feds Because Of Insecure Gear

Owners of D-Link hardware, specifically wireless routers and Internet cameras may want to pay attention to this story. The FTC in the United States Of America is taking D-Link to court because that gear is according to them REALLY insecure:

The FTC, in a complaint filed in the Northern District of California charged that “D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.”

Specifically, D-Link is being accused of using “Hard-coded” login credentials, having “command injection” flaws in their products that allow remote pwnage of their products, not handling private keys codes properly, and finally leaving user credentials in plain text in their apps.

None of this is trivial stuff.

Here’s D-Link’s response to all of this:

For its part, D-Link Systems said it “is aware of the complaint filed by the FTC. D-Link denies the allegations outlined in the complaint and is taking steps to defend the action. The security of our products and protection of our customers private data is always our top priority.”  [Update: A full response fromD-Link can be found here]

Here’s the thing. If the FTC goes after a company, they usually have the evidence to back up whatever claim they are making. After all, in November, DHS put out a warning about some of their routers. They did fix them, but that took them over a month to get done. I can think of other examples, but I won’t bore you with the details. In any case, D-Link may want to figure out how to mitigate the bad press that this news will create and the severe slap that the FTC is likely to hand out when they win in court. Likely by settling out of court and addressing these issues.

I should note that the FTC has also gone after ASUS and TRENDnet for similar issues. Thus if you make IoT gear, you should make sure that your security is on point. Otherwise the feds will be at your door step.

 

 

This entry was posted on January 6, 2017 at 11:14 am and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “D-Link Taken To Court By Feds Because Of Insecure Gear”

  1. DLink Must Submit To FTC Scrutiny To Make Their Legal Issues Go Away | The IT Nerd Says:
    July 4, 2019 at 12:50 pm

    […] was a while ago that the news broke about the FTC taking DLink to court because the company made gear that was insecure. Fast […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading