D-Link Agrees To 10 Years Of Security Oversight Via FTC Settlement

D-Link is finally coming to terms with a Federal Trade Commission (FTC) lawsuit that was brought against it for serious lapses in security in its networking products. The FTC alleged in its lawsuit that D-Link had left its customers vulnerable to hacks by improperly securing its hardware, not following best practices with regard to login security, and committing the rather unforgivable sin of storing passwords in plaintext.


The lawsuit was originally filed in 2017, but D-Link and the FTC agreed to a settlement this week. “We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users’ most sensitive personal information to prying eyes,” said Andrew Smith, who serves as the Director of the FTC’s Bureau of Consumer Protection. “Manufacturers and sellers of connected devices should be aware that the FTC will hold them to account for failures that expose user data to risk of compromise.”

One of the most egregious D-Link security lapses alleged by the FTC -- attributed to both its routers and security cameras -- was the use of easily guessable login credentials that were hard-coded into the devices, making it easier for hackers to ensnare these devices into massive botnets. D-Link then had the audacity to advertise that its products were hardened against unauthorized access.

As part of the settlement, D-Link has agreed to 10 years of oversight, including "biennial, independent, third-party assessments" of its security software. The third party chosen to monitor D-Link must first be approved by the FTC. The company is also being forced to implement a new security program that includes threat modeling, more rigorous testing for vulnerabilities and automatic firmware updates (among other mitigation solutions).

For its part, D-Link alleges that there was "no finding of liability" for the alleged violations cited by the FTC, and that the company will not need to submit to a financial penalty for its actions. "This settlement allows D-Link Systems to vigorously continue with its current comprehensive software security program and sets a new standard for secure software development practices for IoT devices," the company asserted in a statement issued on Tuesday. "Today's announcement further formalizes D-Link Systems' commitment to product quality, which remains a top priority."

Back in 2016, ASUS settled a similar lawsuit with the FTC over its past security transgressions.
