The Federal Trade Commission of the United States (FTC) filed a lawsuit against D-Link, arguing that the company puts thousands of customers at risk of unauthorized access by failing to adequately insure IP cameras and routers on the market after security breaches discovered last year .
Η lawsuit [PDF], filed in San Francisco District Court on Jan. 5, claims that D-Link "repeatedly failed to take appropriate steps to test and restore the software for greater protection of routers and IP cameras against known security vulnerabilities."
Specifically, the FTC reported that D-Link has not changed anything in the now-known hard-coding connection credentials or backdoors that allow unauthorized access to live feeds on software in the cameras manufactured by the company.
Vulnerabilities, although known, have long been known to the company and allow hackers to remotely control and send commands to routers. D-Link is allegedly using free software available from 2008 to protect users.
“Defendants failed to take adequate measures to protect their routers and IP webcams from widely known and reasonably foreseeable security gaps that allow unauthorized access. For these security gaps Open Web Application Security Project has ranked the Web application among the most dangerous since at least 2007,” the lawsuit states.
The FTC says these vulnerabilities can be exploited in "simple steps" and with "widely available tools".
Finally, according to the lawsuit, the company did not fail to protect its customers but continued to actively advertise the better safety of devices during this period.
The above news was late but came. Of course, other lawsuits should follow, since D-Link is not the only one that does not adequately protect its customers.
