D-Link agrees to beef up smart home security after FTC lawsuit

The FTC had sued D-Link over its internet-connected security cameras and wireless routers.

Corinne Reichert Senior Writer
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently oversees the CNET breaking news desk for the West Coast. Corinne covers everything from phones, social media and security to movies, politics, 5G and pop culture. In her spare time, she watches soccer games, F1 races and Disney movies.
Expertise News
Corinne Reichert

D-Link has to comply with a stricter security policy.

Tyler Lizenby/CNET

The US Federal Trade Commission has ended its litigation against D-Link over the security risks of using its smart home cameras and wireless routers. D-Link has agreed to implement a software security program involving planning, threat modeling and vulnerability testing before releasing products, the FTC said Tuesday.

The FTC kicked off legal action against D-Link back in 2017, saying there were vulnerabilities in its internet-connected cameras and routers that exposed or left vulnerable customer information including live video and audio to third parties and hackers.

"We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users' most sensitive personal information to prying eyes," Andrew Smith, director of the FTC's Bureau of Consumer Protection, said Tuesday.

According to the FTC, D-Link failed to provide even basic software security, such as testing and fixing "well-known and preventable security flaws" including hard-coded login credentials where "guest" was used as a username, as well as storing mobile app login credentials in plain text on customers' mobile devices.

Watch this: Your Ring camera could be a part of a police surveillance network

D-Link will now also be required to conduct ongoing monitoring of security flaws, issue automatic firmware updates and accept vulnerability reports from independent security researchers.

"In addition, D-Link is required for 10 years to obtain biennial, independent, third-party assessments of its software security program," the FTC added. It has filed the proposed settlement with the US District Court for the Northern District of California.

D-Link didn't immediately respond to a request for comment.

All of Amazon's Alexa smart speakers

See all photos