
FTC Takes Aim at D-Link for IoT Security


In a legal complaint, the FTC makes multiple allegations about improper security measures in D-Link devices that could potentially enable attacks. D-Link calls the claims “vague and unsubstantiated.”
The U.S. Federal Trade Commission (FTC) filed a legal complaint against networking equipment vendor D-Link Corporation on Jan. 5, alleging that the company has inadequate security measures in its products, leaving consumers at risk. D-Link denies the allegations.
In a 31-page legal complaint, the FTC outlined multiple alleged failings in D-Link’s security. According to the complaint, D-Link “…failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access…”
Among the issues alleged in the FTC complaint are hard-coded user credentials, which are passwords embedded in devices that users cannot easily change and that could give an attacker unauthorized access. The FTC also warns about command injection flaws that might enable a remote attacker to gain control of a vulnerable D-Link device.
The FTC also takes issue with how D-Link secures mobile application login credentials, which allegedly are now being stored in unencrypted, readable text. The FTC is also concerned with how D-Link has managed its own private encryption key, which is used to validate the authenticity of D-Link’s software.
