The Federal Trade Commission of the United States (FTC) filed a lawsuit against D-Link, arguing that the company puts thousands of customers at risk of unauthorized access by failing to adequately insure IP cameras and routers on the market after security breaches discovered last year .
Η lawsuit [PDF], filed in San Francisco District Court on Jan. 5, claims that D-Link "repeatedly failed to take appropriate steps to test and restore the software for greater protection of routers and IP cameras against known security vulnerabilities."
Specifically, the FTC reported that D-Link has not changed anything in the now-known hard-coding connection credentials or backdoors that allow unauthorized access to live feeds in the camera software manufactured by the company.
Vulnerabilities, although known, have long been known to the company and allow hackers to remotely control and send commands to routers. D-Link is allegedly using free software available from 2008 to protect users.
Defendants have failed to take appropriate measures to protect their routers and IP webcams from well-known and reasonably predictable security vulnerabilities that allow unauthorized access. For these security vulnerabilities, the Open Web Application Security Project has ranked the Web application among the most dangerous at least since 2007, ”the lawsuit states.
The FTC says these vulnerabilities can be exploited in "simple steps" and with "widely available tools".
Finally, according to the lawsuit, the company did not fail to protect its customers but continued to actively advertise the safety of the devices during this period.
The above news was late but came. Of course, other lawsuits should follow, since D-Link is not the only one that does not adequately protect its customers.