FTC Takes D-Link To Court Citing Lax Product Security, Privacy Perils

Reader coondoggie writes: The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company's wireless routers and Internet cameras left consumers open to hackers and privacy violations. The FTC, in a complaint filed in the Northern District of California charged that "D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras." For its part, D-Link Systems said it "is aware of the complaint filed by the FTC." According to the FTC's complaint, D-Link promoted the security of its routers on the company's website, which included materials headlined "Easy to secure" and "Advance network security." But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws such as "hard-coded" login credentials integrated into D-Link camera software -- such as the username âoeguestâ and the password âoeguestâ -- that could allow unauthorized access to the cameras' live feed, etc.

Re:is aware of the complaint filed by the FTC

[Z00L00K]

They are just starting with someone, almost every consumer grade supplier have security holes in their products and they just leave support for your device about a year after you bought it.

Re:D-Link doesn't learn or doesn't care (or both)

[bobbied]

Of course they care... Just only as far as there is money in it...

Look, D-Link sells consumer products and most consumers DON'T CARE about (much less ever THINK about) security. They want a device that does what it's designed to do with a minimum of fuss or mess making it work. They don't want to call technical support, they just want to spend as little as they can in both time and money.

Where I applaud the FTC's paying attention to such things, I'm thinking this isn't going to be very effective in getting manufacturers to knuckle under and do the security thing the right way. NOBODY (well, almost nobody) will care and they simply don't want to pay the price in dollars and time to get proper security configured in that consumer device.. The only way the FTC makes a dent is by hitting D-Link (and other manufacturers) in the pocket book really hard and I don't think they have enough leverage to do that.