The United States Federal Trade Commission (FTC) filed a lawsuit against D-Link, alleging that company puts thousands of customers at risk of unauthorized access by failing to adequately secure IPs cameras and routers on the market, following security vulnerabilities discovered last year.
Η lawsuit [PDF], filed in San Francisco District Court on Jan. 5, alleges that D-Link “repeatedly failed to take adequate steps to test and restore the software for more protection on routers and IP cameras against known security gaps.”
Specifically, the FTC reported that D-Link has not changed anything in the now-known hard-coding connection credentials or backdoors that allow unauthorized access to live feeds in the camera software manufactured by the company.
The vulnerabilities, although they are known, have been known to the company for a very long time and allow hackers to controln remotely and send commands to routers. D-Link has reportedly been using free software available since 2008 to protect users.
"Defendants failed to take adequate measures to protect their routers and IP webcams from widely known and reasonably foreseeable security gaps that allow unauthorized access. For these security gaps, the Open Web Application Security Project has ranked the Web application among the most dangerous since at least 2007," the lawsuit states.
The FTC says these vulnerabilities can be exploited in "simple steps" and with "widely available tools".
Finally, according to the lawsuit, the company did not fail to protect its customers but continued to actively advertise the safety of the devices during this period.
The above news was late but came. Of course, other lawsuits should follow, since D-Link is not the only one that does not adequately protect its customers.
