Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

D-Link taken to FTC woodshed over Privacy and Security issues..

Discussion in 'General Network Security' started by sfx2000, Jan 5, 2017.

  1. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    9,736
    Location:
    San Diego, CA
    http://www.networkworld.com/article...ting-lax-product-security-privacy-perils.html

    The Federal Trade Commission has filed a complaint against network equipment vendor D-Link saying inadequate security in the company’s wireless routers and Internet cameras left consumers open to o hackers and privacy violations.

    The FTC, in a complaint filed in the Northern District of California charged that “D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.”

    For its part, D-Link Systems said it "is aware of the complaint filed by the FTC. D-Link denies the allegations outlined in the complaint and is taking steps to defend the action. The security of our products and protection of our customers private data is always our top priority."

    FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “Easy to secure” and “Advance network security.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:

    • “Hard-coded” login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed;
    • A software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet;
    • The mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and
    • Leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.
    The FYC said that hackers could exploit these vulnerabilities using any of several simple methods.
     
  2. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    9,736
    Location:
    San Diego, CA
  3. microchip

    microchip Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    340
    Location:
    Belgium
    Add NETGEAR to the list with its recent serious security issues... though they were fast to issue fixes, these were known for months
     
  4. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    21,318
    Location:
    Canada
    Two big manufacturers nailed so far - hopefully the trend continues (and those who haven't been taken to task yet will get the clue that maybe it's time to handle security as a priority, not as an option.)
     

Share This Page