It looks like D-Link has found itself in hot water with the Federal Trade Commission (FTC) this week as the US regulator has filed charges against D-Link for putting consumers’ privacy and security at risk with its products. As part of the FTCs current initiative to ensure companies are taking proper steps to ensure secure IoT devices, the commission has been cracking down on several companies selling wireless routers and even webcams without adequate security.
D-Link in particular currently sells wireless routers and Internet Protocol Cameras. According to the FTC, D-Link has not been maintaining the safety standards it claims to adhere to on its own website. As the FTC puts it, “when manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true”.
“Hackers are increasingly targeting consumer routers and IP cameras and the consequences for consumers can include device compromise and exposure of sensitive information”, the commission continued.
According to the complaint, D-Link has been promoting its products with ‘Advanced Network Security’, but the FTC found that D-Link’s camera software is ‘hard-coded’ with weak login credentials, such as the username and password being ‘guest’. This can allow unauthorized users to access the camera feed. Some of D-Link’s routers have also been found to have a software flaw that could allow hackers to inject commands and take over routers. The FTC also claims that D-Link has mishandled private key codes used to sign into D-Link software, leaving user credentials unsecured in clear text formats.
The FTC is concerned that hackers could exploit these vulnerabilities using very simple methods. Now, we just need to wait for D-Link to respond to the FTC’s complaint but it is likely that the company will need to make a few changes to the way it handles security on its Internet of Things connected devices going forward if it wants to avoid penalties.
KitGuru Says: The FTC has previously cracked down on other companies for poor security practises with IoT connected devices and it looks like they aren’t going to stop any time soon. Do any of you own a D-Link router or camera?