IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FTC: D-Link IoT devices put thousands of customers at risk

D-Link calls Federal Trade Commission's claims "vague and unsubstantiated"


The US Federal Trade Commission has accused D-Link of putting thousands of customers at risk by failing to provide adequate security measures in its IoT devices. 

Charges filed yesterday say the Taiwanese company failed to take steps to prevent intruders from hacking IoT devices, with the view to steal customer network data or add devices to a larger 'botnet'.

D-Link called the allegations "vague and unsubstantiated".

The filing, made to the US District Court for the Northern District of California, represents a wider FTC campaign to improve the security of connected devices around the home, including webcams, routers, security cameras and other smart home technology.

The complaint states D-Link has "failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorised access", and has failed to protect customers against flaws considered "among the most critical and widespread web application vulnerabilities since at least 2007".

D-Link is accused of repeatedly failing to guard against "easily preventable software flaws", including the use of default user credentials, command injection flaws, and backdoors, which would allow the remote hacking of devices.

Specified in the complaint are D-Link's Wireless N 300 Router, N Dual Band Router, and the N Network Camera.

The company's allegedly inadequate approach to security has meant D-Link devices have put thousands of customers at risk of unauthorised access, and of being made part of a larger IoT botnet, according to the complaint.

"The FTC has made vague and unsubstantiated allegations relating to routers and IP cameras," a D-Link spokesperson responded in a statement. "D-Link Systems will vigorously defend itself against the unwarranted and baseless charges made by the FTC."

"The complaint does not allege any breach of a D-Link Systems device. Instead, the FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege that actual consumers suffered or are likely to suffer actual substantial injuries," the statement adds.

A D-Link Wi-Fi camera flaw discovered in July 2016 was found to have potentially exposed 400,000 devices to remote hacking, allowing intruders to change default credentials and potentially spy on users in their home. A firmware update to the DCS-930L Cloud Camera allowed hackers to use a single line of code to gain unauthorised access. D-Link is yet to respond to IT Pro's request for comment on the issue.

The hacking of IoT devices has led to the creation of botnets on a massive scale, resulting in a series of attacks by the so-called 'Mirai botnet' in 2016. Since its discovery, the army of enthralled IoT devices has launched some of the largest DDoS attacks in history, including the massive cyber attack against Dyn servers in October, which knocked sites such as Twitter, Netflix and Reddit offline.

The FTC brought similar charges against Asus last February, after a flaw was discovered in 2014 that allowed almost 13,000 routers to be remotely hacked, forcing the company into a program of independent security reviews for the next 20 years.

The complaint outlines six counts of breaking FTC policy, including misrepresentation of promotional security material and unfairness in handling customer safety. The FTC has requested the court to force D-Link to review security practices and reimburse any legal fees.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022