The United States Federal Trade Commission (FTC) has filed a lawsuit against D-Link, claiming the company is putting thousands of customers at risk of unauthorized access, failing to adequately secure the IP cameras and routers it markets, following security vulnerabilities discovered last year.
Η lawsuit [PDF], filed in San Francisco District Court on Jan. 5, claims that D-Link "repeatedly failed to take appropriate steps to test and restore the software for greater protection of routers and IP cameras against known security vulnerabilities."
Specifically, the FTC reported that D-Link has not changed anything in the now-known hard-coding connection credentials or backdoors that allow unauthorized access to live feeds in the camera software manufactured by the company.
The vulnerabilities, although known, have been known to the company for a long time and allow hackers to remotely control and send commands to routers. D-Link reportedly uses free software available since 2008 to protect users.
“Defendants failed to take adequate measures to protect their routers and IP webcams from widely known and reasonably foreseeable security gaps that allow unauthorized access. For these security gaps Open Web Application Security Project has ranked the Web application among the most dangerous since at least 2007,” the lawsuit states.
The FTC says these vulnerabilities can be exploited in "simple steps" and with "widely available tools".
Finally, according to the lawsuit, the company did not fail to protect its customers but continued to actively advertise the safety of the devices during this period.
The above news was late but came. Of course, other lawsuits should follow, since D-Link is not the only one that does not adequately protect its customers.