Home router and webcam manufacturer D-Link was sued by the U.S. Federal Trade Commission (FTC) for having misleading security claims on its products and leaving vulnerability for hackers to intrude consumers’ privacy.
According to the complaint filed by the federal court, D-Link has “failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access.”
The FTC said that D-Link has shipped products with default hard-coded administrator passwords and well-known software vulnerabilities for years. The company’s mobile app stores usernames and passwords that grant remote access in plaintext. Also, the private encryption key belonging to D-Link engineers was left on a public website for six months.
In D-Link’s marketing languages, the company used terms like “easy to secure” or “advanced network security” that went against the scenarios that the FTC inspected.
It’s not the first time that the FTC filed complaints against IoT companies. Back in February 2016, the agency charged ASUS for having critical security flaws in its routers that put the home network of hundreds of thousands of consumers at risk. In 2013, the FTC also found flaws in TRENDnet’s video cameras.
IoT devices have become the easy target for hackers, due to its common security flaws. According to British firm ISP Beaming, UK businesses each suffered 230,000 cyberattacks on average in 2016, while attacks against IoT devices rose 310% between Q1 and Q4 in 2016. Hackers looked to take over security cameras and other connected devices to obtain ‘remote control.’
The FTC’s legal actions against poor cybersecurity and data protection seem to become the norm these days. To boost IoT device security, the agency has recently started a challenge for the public to create tools protecting IoT devices at home, with the final winner receiving up to $25,000.