D-Link agrees to beef up smart home security after FTC lawsuit
The FTC had sued D-Link over its internet-connected security cameras and wireless routers.
D-Link has to comply with a stricter security policy.
The US Federal Trade Commission has ended its litigation against D-Link over the security risks of using its smart home cameras and wireless routers. D-Link has agreed to implement a software security program involving planning, threat modeling and vulnerability testing before releasing products, the FTC said Tuesday.
The FTC kicked off legal action against D-Link back in 2017, saying there were vulnerabilities in its internet-connected cameras and routers that exposed or left vulnerable customer information including live video and audio to third parties and hackers.
"We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users' most sensitive personal information to prying eyes," Andrew Smith, director of the FTC's Bureau of Consumer Protection, said Tuesday.
According to the FTC, D-Link failed to provide even basic software security, such as testing and fixing "well-known and preventable security flaws" including hard-coded login credentials where "guest" was used as a username, as well as storing mobile app login credentials in plain text on customers' mobile devices.
D-Link will now also be required to conduct ongoing monitoring of security flaws, issue automatic firmware updates and accept vulnerability reports from independent security researchers.
"In addition, D-Link is required for 10 years to obtain biennial, independent, third-party assessments of its software security program," the FTC added. It has filed the proposed settlement with the US District Court for the Northern District of California.
D-Link didn't immediately respond to a request for comment.
