FTC: D-Link IoT devices put thousands of customers at risk

D-Link calls Federal Trade Commission's claims "vague and unsubstantiated"

Hacking

The US Federal Trade Commission has accused D-Link of putting thousands of customers at risk by failing to provide adequate security measures in its IoT devices. 

Charges filed yesterday say the Taiwanese company failed to take steps to prevent intruders from hacking IoT devices, with the view to steal customer network data or add devices to a larger 'botnet'.

Advertisement - Article continues below

D-Link called the allegations "vague and unsubstantiated".

The filing, made to the US District Court for the Northern District of California, represents a wider FTC campaign to improve the security of connected devices around the home, including webcams, routers, security cameras and other smart home technology.

The complaint states D-Link has "failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorised access", and has failed to protect customers against flaws considered "among the most critical and widespread web application vulnerabilities since at least 2007".

D-Link is accused of repeatedly failing to guard against "easily preventable software flaws", including the use of default user credentials, command injection flaws, and backdoors, which would allow the remote hacking of devices.

Specified in the complaint are D-Link's Wireless N 300 Router, N Dual Band Router, and the N Network Camera.

Advertisement
Advertisement - Article continues below

The company's allegedly inadequate approach to security has meant D-Link devices have put thousands of customers at risk of unauthorised access, and of being made part of a larger IoT botnet, according to the complaint.

Advertisement - Article continues below

"The FTC has made vague and unsubstantiated allegations relating to routers and IP cameras," a D-Link spokesperson responded in a statement. "D-Link Systems will vigorously defend itself against the unwarranted and baseless charges made by the FTC."

"The complaint does not allege any breach of a D-Link Systems device. Instead, the FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege that actual consumers suffered or are likely to suffer actual substantial injuries," the statement adds.

A D-Link Wi-Fi camera flaw discovered in July 2016 was found to have potentially exposed 400,000 devices to remote hacking, allowing intruders to change default credentials and potentially spy on users in their home. A firmware update to the DCS-930L Cloud Camera allowed hackers to use a single line of code to gain unauthorised access. D-Link is yet to respond to IT Pro's request for comment on the issue.

Advertisement - Article continues below

The hacking of IoT devices has led to the creation of botnets on a massive scale, resulting in a series of attacks by the so-called 'Mirai botnet' in 2016. Since its discovery, the army of enthralled IoT devices has launched some of the largest DDoS attacks in history, including the massive cyber attack against Dyn servers in October, which knocked sites such as Twitter, Netflix and Reddit offline.

The FTC brought similar charges against Asus last February, after a flaw was discovered in 2014 that allowed almost 13,000 routers to be remotely hacked, forcing the company into a program of independent security reviews for the next 20 years.

The complaint outlines six counts of breaking FTC policy, including misrepresentation of promotional security material and unfairness in handling customer safety. The FTC has requested the court to force D-Link to review security practices and reimburse any legal fees.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020
Visit/security/phishing/355793/gitlab-phishes-its-remote-employees-and-1-in-5-fell-for-it
phishing

GitLab phished its employees and 20% handed over credentials

26 May 2020
Visit/security/cyber-security/355791/cyberpeace-institute-urges-governments-to-work-together-to-stop
cyber security

Governments urged to work together to stop health care cyber attacks

26 May 2020

Most Popular

Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020