US claims thousands of D-Link users exposed to hacking
SAN FRANCISCO — A US consumer protection watchdog sued a Taiwan-based maker of home-networking equipment over claims that lax security left its products vulnerable to hackers.
Screencap from D-Link website
SAN FRANCISCO — A US consumer protection watchdog sued a Taiwan-based maker of home-networking equipment over claims that lax security left its products vulnerable to hackers.
The Federal Trade Commission alleged that D-Link Corp and a US unit failed to secure their routers and web cameras, exposing thousands of American consumers to targeted online security breaches. Products with inadequate safeguards allowed attackers to “monitor a consumer’s whereabouts in order to target them for theft or other crimes,” according to the complaint filed Thursday (Jan 5) in San Francisco federal court.
The agency also accused D-Link of failing to use industry-determined best practises to secure consumer content, including software meant to keep private log-in information on multiple platforms. The FTC faulted the company for promoting its products as “easy to secure”, and armed with “advanced network security.”
“In many instances, remote attackers could take simple steps, using widely available tools, to locate and exploit defendants’ devices, which were widely known to be vulnerable,” according to the complaint. “An attacker could compromise a consumer’s router, thereby obtaining unauthorised access to consumers’ sensitive personal information.”
D-Link denied the allegations and will defend itself it court, said Ms Ashley Nakano, a spokeswoman. The company will “shortly” publish a question-and-answer note for consumers on its website, she said.
COURT ORDER
The regulator seeks a court order barring the company from engaging in unfair or deceptive acts in violation of the Federal Trade Commission Act.
Another Taiwan-based hardware maker, Asustek Computer Inc, in February settled a similar FTC case alleging that its routers had critical security flaws that put home networks at risk. The accord requires Asustek to maintain a security program subject to independent audits over two decades.
The case is Federal Trade Commission v. D-Link Corp., 17-cv-00039, U.S. District Court, Northern District of California (San Francisco). BLOOMBERG
Stay in the know. Anytime. Anywhere.
Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.
By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.
