03 July 19, 08:52
Quote: Taiwanese networking equipment manufacturer D-Link today settled a Federal Trade Commission (FTC) lawsuit originating from a 2017 complaint saying that it failed to properly secure its Internet-connected cameras and wireless routers.
As the original complaint filed by FTC said, D-Link "failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access, including by failing to protect against flaws which the Open Web Application Security Project has ranked among the most critical and widespread web application vulnerabilities since at least 2007."
This left devices sold to U.S. consumers vulnerable to potential attacks, and also exposed sensitive information such as audio and video feeds to unauthorized access and data theft.
D-Link also did not follow basic secure software development practices, "including testing and remediation to address well-known and preventable security flaws", which led to the use of hard-coded login credentials in D-Link camera software and to the storage of mobile app credentials in plain text on users' devices.
"We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users’ most sensitive personal information to prying eyes," stated Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. "Manufacturers and sellers of connected devices should be aware that the FTC will hold them to account for failures that expose user data to risk of compromise."
SOURCE: https://www.bleepingcomputer.com/news/se...-security/