The Federal Trade Commission has filed a lawsuit against the Taiwan-based D-Link Corporation and its US subsidiary, D-Link Systems, Inc., for not taking steps to secure their devices, which left them vulnerable to hackers.
In the complaint, filed on Thursday, the FTC alleged that the company “failed to take reasonable steps to protect their routers and [Internet Protocol] cameras from widely known and reasonably foreseeable risks of unauthorized access.” D-Link also failed to test for security flaws, keep its own security keys confidential, or take steps to secure login credentials on mobile devices.
The FTC noted in the complaint that the inaction from the company has left thousands of customers at risk of having their personal information compromised or vulnerable to attack.
This isn’t the first time that the FTC has filed a complaint against a manufacturer over concerns about their security. In September 2013, the commission settled a complaint against TRENDnet after alleging that its home cameras were not secure, and in February 2016 settled with ASUS over unsecured internet routers. “The consequences for consumers can include device compromise and exposure of their sensitive personal information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection.
With these complaints, the commission has recognized the inherent danger in the growing number of connected devices, which can both leave consumers at risk, and be used maliciously. In October, a massive denial of service (DDoS) attack took down numerous websites, utilizing a number of connected home devices that weren’t secured.
The complaint will next be seen by a federal district court judge.
Update, January 8th: William Brown, the chief information security officer for D-Link has provided the following statement:
D-Link denies the allegations outlined in the complaint and is taking steps to defend the action.