The US Federal Trade Commission is acting against the Taiwan-based D-Link over alleged security flaws in some of its products.
Although this issue was flagged earlier this year (iTWire report here) and strongly denied by D-Link (iTWire report here), the US FTC filed a complaint on 5 January 2017 for permanent injunction and other equitable relief in the federal Northern District Court of California, claiming that D-Link routers and internet-accessible security cameras have put “thousands at risk” over a decade of poor security practices.
The complaint included “well-known and easily preventable software security flaws, such as hard-coded user credentials and other backdoors, and command injection flaws, which would allow remote attackers to gain control of consumers’ devices.”
D-Link denied FTC’s claims stating, "D-Link Systems, Inc. is aware of the complaint filed by the FTC. D-Link denies the allegations outlined in the complaint and is taking steps to defend the action. The security of our products and protection of our customer’s private data is always our top priority."
These are serious allegations leading to the FTC’s action. As this is a US-based action, D-Link Australia kindly pointed iTWire to its US site, where it has a statement.
From what I have read there were security flaws in some routers and IP cameras, D-Link acted in a timely manner to identify flaws and issue firmware updates, and the legal proceedings seem more of a formality. D-Link router and camera owners should ensure the latest firmware is installed, passwords changed, and remote administration disabled. That advice applies to any brand of router.
The issue is very similar to the FTC's pursuit of ASUS over its routers earlier in 2016. It stems from the broad industry use of essentially the same chipsets, a Linux embedded OS, and what were, at the time, acceptable security practices, e.g. shipping the router with a default admin/password, as has happened with almost every brand of router since day one!
Almost all manufacturers of home routers - Linksys (under Cisco - now owned by Belkin), NetGear, ZyXEL, TP-Link, Fritz!Box, and Apple Airport - have faced the same issues. Commercial routers from Cisco, Juniper, Aruba, Fortinet, Huawei, and many more have also been affected.
If you are interested, there is a great site that records router issues here - it's a scary read.