FTC Sues D-Link over Poor Hardware Security

The internet of things (IoT) is a security nightmare – just look at the recent DDoS attacks triggered by millions of IoT devices infected by the Mirai botnet – and D-Link is one of the most egregious offenders when it comes to lax hardware security, at least as far as the US Federal Trade Commission (FTC) is concerned. In fact, the FTC is so aggrieved by D-Link’s failure to properly secure its devices and patch known vulnerabilities that it is suing the company.

“Hackers are increasingly targeting consumer routers and IP cameras — and the consequences for consumers can include device compromise and exposure of their sensitive personal information,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said. “When manufacturers tell consumers that their equipment is secure, it’s critical that they take the necessary steps to make sure that’s true.”

In a press release, D-Link makes it clear that it does not take the FTC lawsuit seriously, accusing it of being “vague and unsubstantiated.”

“The FTC complaint alleges certain security hacking concerns for consumer routers and IP cameras, and we firmly believe that charges alleged in the complaint against D-Link Systems are unwarranted,” William Brown, chief information security officer, D-Link Systems, Inc., said. “We will vigorously defend the security and integrity of our routers and IP cameras and are fully prepared to contest the complaint. Furthermore, we are continually working to address the overall security features of D-Link Systems’ products for their intended applications and to regularly inform consumers of the appropriate steps to take to secure devices.”