The Federal Trade Commission has filed a lawsuit against D-Link Corp., alleging that D-Link's security lapses left its wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk.
The lawsuit essentially puts all IoT (Internet of Things) device makers on notice -- potentially holding them accountable for security holes that leave businesses and consumers vulnerable to attacks.
In a complaint filed in the Northern District of California, the FTC alleged that D-Link failed to take reasonable steps to secure its routers and IP cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras, the commission said. The FTC has pursued similar cases against ASUS and TRENDnet, the commission noted.
Among the holes the FTC wants closed: It's not acceptable for network and IT equipment to ship with basic usernames and passwords (i.e., "guest" and "guest"), the commission asserts. The FTC also alleges that D-Link's mobile app leaves user credentials unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.
Major Internet outages, including a massive Distributed Denial of Service (DDoS) attack last year, have been traced back to a range of IoT devices that lacked basic patches and security settings. Regulators have been exploring potential legislation to address basic IoT security needs. The FTC has provided guidance to IoT companies on how to preserve privacy and security in their products while still innovating and growing IoT technology.
ChannelE2E could not reach D-Link for comment about the suit.