• Uncategorised
  • 0

US government sues D-Link over alleged security flaws

The FTC says D-Link's products left consumers vulnerable to hackers.

The FTC says D-Link’s products left consumers vulnerable to hackers.

Photo by CNET

The Federal Trade Commission is taking D-Link to court, accusing the company of poor security practices for its routers, web cameras, baby monitors and other products. The lawsuit (PDF[1]), filed in San Francisco’s district court, argues that D-Link failed to meet security standards from 2007, leaving widespread vulnerabilities open to hackers. The commission alleges that D-Link coded easy to crack log-in credentials into its camera software, enabling hackers to easily spy on the company’s customers.

The FTC also accuses D-Link of failing to encrypt passwords on its mobile app, instead leaving the codes in plain text on devices for anyone nearby to read. D-Link also failed to address a “command injection” software flaw, which would let hackers hijack routers from remote locations, according to the FTC. “As a result of Defendants’ failures, thousands of Defendants’ routers and cameras have been vulnerable to attacks that subject consumers’ sensitive personal information and local networks to a significant risk of unauthorized access,” the FTC said in its complaint.

If a customer’s router was hacked, the FTC said, attackers could redirect users to fake websites where the hackers would be able to retrieve sensitive information through phishing. Hacked surveillance cameras are the leading soldiers in botnets, zombie armies of compromised smart devices[2] used for distributed denial of service attacks. In an October DDoS attack[3] that took down web favorites like Netflix, Spotify and Twitter, hundreds of thousands of security cameras from around the world were hacked[4] and used to overwhelm the services with floods of data requests.

The FTC is worried hackers have been exploiting security flaws in D-Link’s cameras to use the devices in similar assaults. It accused the company of lying about its practices in its ads, in which D-Link promised “advanced network security.” In a statement[5], D-Link said it would fight the FTC’s lawsuit, pointing out that the complaint says buyers were at risk but fails to point out any examples of actual hacking.

“D-Link Systems, Inc. will vigorously defend itself against the unwarranted and baseless charges made by the Federal Trade Commission,” the company said in its statement. CNET Magazine: Check out a sampling of the stories you’ll find in CNET’s newsstand edition, right here.
[6]
Tech Enabled: CNET chronicles tech’s role in providing new kinds of accessibility.

Check it out here[7].

References

  1. ^ PDF (www.ftc.gov)
  2. ^ zombie armies of compromised smart devices (www.cbsnews.com)
  3. ^ an October DDoS attack (www.techrepublic.com)
  4. ^ hundreds of thousands of security cameras from around the world were hacked (www.cnet.com)
  5. ^ In a statement (supportannouncement.us.dlink.com)
  6. ^ here (www.cnet.com)
  7. ^ here (www.cnet.com)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

       
Apps & Games Clothing Electronics & Photo Large Appliances
Baby Womens Apparel Garden Lighting
Beauty Mens Apparel Outdoors Luggage
Books Girls Apparel Health & Personal Care Pet Supplies
Car Boys Apparel Home Shoes & Bags
Motorbike Computers & Accessories Kitchen Equipment Sports & Outdoors
Fashion DIY & Tools Jewellery Toys & Games