X

D-Link agrees to beef up smart home security after FTC lawsuit

The FTC had sued D-Link over its internet-connected security cameras and wireless routers.

Corinne Reichert Senior Editor
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News, mobile, broadband, 5G, home tech, streaming services, entertainment, AI, policy, business, politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Corinne Reichert
d-link-full-hd-180-degree-wi-fi-camera-product-photos-1.jpg

D-Link has to comply with a stricter security policy.

Tyler Lizenby/CNET

The US Federal Trade Commission has ended its litigation against D-Link over the security risks of using its smart home cameras and wireless routers. D-Link has agreed to implement a software security program involving planning, threat modeling and vulnerability testing before releasing products, the FTC said Tuesday.

The FTC kicked off legal action against D-Link back in 2017, saying there were vulnerabilities in its internet-connected cameras and routers that exposed or left vulnerable customer information including live video and audio to third parties and hackers.

"We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users' most sensitive personal information to prying eyes," Andrew Smith, director of the FTC's Bureau of Consumer Protection, said Tuesday.

According to the FTC, D-Link failed to provide even basic software security, such as testing and fixing "well-known and preventable security flaws" including hard-coded login credentials where "guest" was used as a username, as well as storing mobile app login credentials in plain text on customers' mobile devices.

Watch this: Your Ring camera could be a part of a police surveillance network

D-Link will now also be required to conduct ongoing monitoring of security flaws, issue automatic firmware updates and accept vulnerability reports from independent security researchers.

"In addition, D-Link is required for 10 years to obtain biennial, independent, third-party assessments of its software security program," the FTC added. It has filed the proposed settlement with the US District Court for the Northern District of California.

D-Link didn't immediately respond to a request for comment.

All of Amazon's Alexa smart speakers

See all photos