acm-header
Sign In

Communications of the ACM

ACM News

The Ftc Has Sued D-Link Over ­nsecure Routers and Webcams


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A D-Link webcam.

The U.S. Federal Trade Commission has filed suit against Taiwan-based D-Link Corporation and its U.S. subsidiary for failure to secure Internet-connected devices they brought to market.

Credit: The Verge

The U.S. Federal Trade Commission has filed a lawsuit against the Taiwan-based D-Link Corporation and its U.S. subsidiary, D-Link Systems, Inc., for not taking steps to secure their devices, which left them vulnerable to hackers.

In the complaint, filed on Thursday, the FTC alleged that the company “failed to take reasonable steps to protect their routers and [Internet Protocol] cameras from widely known and reasonably foreseeable risks of unauthorized access.” D-Link also failed to test for security flaws, keep its own security keys confidential, or take steps to secure login credentials on mobile devices.

The FTC noted in the complaint that the inaction from the company has left thousands of customers at risk of having their personal information compromised or vulnerable to attack.

This isn’t the first time that the FTC has filed a complaint against a manufacturer

This isn’t the first time that the FTC has filed a complaint against a manufacturer over concerns about their security. In September 2013, the commission settled a complaint against TRENDnet after alleging that its home cameras were not secure, and in February 2016 settled with ASUS over unsecured internet routers. “The consequences for consumers can include device compromise and exposure of their sensitive personal information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection.

With these complaints, the commission has recognized the inherent danger in the growing number of connected devices, which can both leave consumers at risk, and be used maliciously. In October, a massive denial of service (DDoS) attack took down numerous websites, utilizing a number of connected home devices that weren’t secured.

The complaint will next be seen by a federal district court judge.

Update, January 8th: William Brown, the chief information security officer for D-Link has provided the following statement:

D-Link denies the allegations outlined in the complaint and is taking steps to defend the action.

 

From The Verge
View Full Article


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account