U.S. Claims Thousands of D-Link Users Exposed to Hackingby
Taiwanese firm sued over home-network device security lapses
Federal Trade Commission alleges company deceived consumers
A U.S. consumer protection watchdog sued a Taiwan-based maker of home-networking equipment over claims that lax security left its products vulnerable to hackers.
The Federal Trade Commission alleged that D-Link Corp. and a U.S. unit failed to secure their routers and web cameras, exposing thousands of American consumers to targeted online security breaches. Products with inadequate safeguards allowed attackers to “monitor a consumer’s whereabouts in order to target them for theft or other crimes," according to the complaint filed Thursday in San Francisco federal court.
The agency also accused D-Link of failing to use industry-determined best practices to secure consumer content, including software meant to keep private log-in information on multiple platforms. The FTC faulted the company for promoting its products as “easy to secure,” and armed with “advanced network security."
“In many instances, remote attackers could take simple steps, using widely available tools, to locate and exploit defendants’ devices, which were widely known to be vulnerable," according to the complaint. “An attacker could compromise a consumer’s router, thereby obtaining unauthorized access to consumers’ sensitive personal information."
D-Link denied the allegations and will defend itself it court, said Ashley Nakano, a spokeswoman. The company will “shortly” publish a question-and-answer note for consumers on its website, she said.
The regulator seeks a court order barring the company from engaging in unfair or deceptive acts in violation of the Federal Trade Commission Act.
Another Taiwan-based hardware maker, Asustek Computer Inc., in February settled a similar FTC case alleging that its routers had critical security flaws that put home networks at risk. The accord requires Asustek to maintain a security program subject to independent audits over two decades.
The case is Federal Trade Commission v. D-Link Corp., 17-cv-00039, U.S. District Court, Northern District of California (San Francisco).