January 6, 2017 by

FTC Sues Networking Giant D-Link over Risking US Consumers’ Privacy

The U.S. Federal Trade Commission (FTC) has charged hardware manufacturer D-Link on Thursday, alleging that the company’s inadequate security measures has left its wireless routers and Internet cameras vulnerable to hackers, leaving US consumers’ privacy at risk.

In an effort to ensure customer privacy during the age of internet-enabled devices with the Internet of Things (IoT), the Federal Trade Commission has filed a complaint  Taiwan-based networking manufacturer D-Link, pointing to its “inadequate security measures”.

According to the complaint, the FTC picks out D-Link’s promotional material about its routers’ security. Headlines include “Easy to secure” and “Advanced network security”, as pointed out by the federal agency. Despite these claims, the company failed to address and safeguard its product from “well-known and easily preventable” security flaws, the complaint added.

DLink’s failings, according to the FTC, include:

  • “Hard-coded” login credentials that are integrated and easily found on D-Link’s camera software. To this day, both the username and the password remain “guest”, the FTC alleges, claiming that anyone with knowledge of these credentials can tap into the cameras’ live feed.
  • A common software flaw known as “command injection” that typically enables remote attacks with the means to compromise routers via unauthorized commands over the Internet
  • D-Link’s mobile app is allegedly vulnerable, in that users’ login credentials are found in readable, clear-text format on their mobile devices. This, despite the availability of free software to secure these credentials.

Using a compromised camera, an attacker could ascertain and monitor a target’s whereabouts to then target their property for theft or other crimes, the FTC added. Furthermore, a camera can also watch and record a target’s activities and conversations, compromising user privacy.

The complaint was filed in the Northern District of California and, D-Link, for its part, denies the complaints and allegations put forth by the FTC.

In a statement, D-Link stated:

D-Link Systems denies the unwarranted allegations outlined in the FTC complaint and will vigorously defend the action.

The hardware maker has also deemed the FTC’s charges as “baseless”, claiming that the FTC is speculating that US consumers were placed at risk, without any evidence that actual consumers had suffered.

Image credit: DLink.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

FTC Slaps $3.5 Million Fine on Lenovo for Superfish Adware

Laptop maker Lenovo has agreed to pay a $3.5 million fine for pre-installing adware on hundreds of...

Read more arrow_forward

Researchers Develop Mirai Malware Vaccine for Insecure IoT Devices

Researchers have developed a novel new way to combat the dreaded Mirai botnet, the malware behind a...

Read more arrow_forward

U.S. Senators introduce New Bill that sets IoT Standards for Federal Suppliers

U.S. Senators are planning to introduce new bill that sets IoT standards for federal suppliers....

Read more arrow_forward