FTC Sues Networking Giant D-Link over Risking US Consumers’ Privacy

The U.S. Federal Trade Commission (FTC) has charged hardware manufacturer D-Link on Thursday, alleging that the company’s inadequate security measures has left its wireless routers and Internet cameras vulnerable to hackers, leaving US consumers’ privacy at risk.

In an effort to ensure customer privacy during the age of internet-enabled devices with the Internet of Things (IoT), the Federal Trade Commission has filed a complaint  Taiwan-based networking manufacturer D-Link, pointing to its “inadequate security measures”.

According to the complaint, the FTC picks out D-Link’s promotional material about its routers’ security. Headlines include “Easy to secure” and “Advanced network security”, as pointed out by the federal agency. Despite these claims, the company failed to address and safeguard its product from “well-known and easily preventable” security flaws, the complaint added.

DLink’s failings, according to the FTC, include:

  • “Hard-coded” login credentials that are integrated and easily found on D-Link’s camera software. To this day, both the username and the password remain “guest”, the FTC alleges, claiming that anyone with knowledge of these credentials can tap into the cameras’ live feed.
  • A common software flaw known as “command injection” that typically enables remote attacks with the means to compromise routers via unauthorized commands over the Internet
  • D-Link’s mobile app is allegedly vulnerable, in that users’ login credentials are found in readable, clear-text format on their mobile devices. This, despite the availability of free software to secure these credentials.

Using a compromised camera, an attacker could ascertain and monitor a target’s whereabouts to then target their property for theft or other crimes, the FTC added. Furthermore, a camera can also watch and record a target’s activities and conversations, compromising user privacy.

The complaint was filed in the Northern District of California and, D-Link, for its part, denies the complaints and allegations put forth by the FTC.

In a statement, D-Link stated:

D-Link Systems denies the unwarranted allegations outlined in the FTC complaint and will vigorously defend the action.

The hardware maker has also deemed the FTC’s charges as “baseless”, claiming that the FTC is speculating that US consumers were placed at risk, without any evidence that actual consumers had suffered.

Image credit: DLink.