Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

US government sues D-Link over alleged security flaws

0
0

US government sues D-Link over alleged security flaws
Photo by CNET

The Federal Trade Commission is taking D-Link to court, accusing the company of poor security practices for its routers, IP cameras, baby monitors and other products.

The lawsuit, filed in San Francisco's district court , argued that D-Link failed to meet security standards from 2007, leaving widespread vulnerabilities for hackers.

The commission alleged that D-Link hard-coded easy-to-crack login credentials into its camera software, allowing hackers to easily spy on the company's customers. The FTC also accused D-Link of failing to encrypt passwords on its mobile app, instead leaving the codes in plain text on devices for anyone nearby to read. D-Link had also allegedly failed to address a "command injection" software flaw, that would let hackers hijack routers from remote locations, according to the FTC.

"As a result of Defendants' failures, thousands of Defendants' routers and cameras have been vulnerable to attacks that subject consumers' sensitive personal information and local networks to a significant risk of unauthorized access," the FTC said in its complaint.

If a customer's router was hacked, the FTC said, attackers could redirect users to fake websites where they would be able to retrieve sensitive information through phishing. Weak security on surveillance cameras are the leading soldiers in botnets, zombie armies of hacked smart devices used for distributed denial of service attacks.

In an October attack that took down web favorites like Netflix, Spotify and Twitter, hundreds of thousands of security cameras from around the world were hacked and used in the massive DDoS attack.

The FTC is worried hackers have been doing the same with D-Link's cameras. It accused the company of lying about its security practices in its ads, where D-Link would promise "advanced network security."

D-Link said in a statement it would fight the FTC's lawsuit, pointing out that the complaint only said buyers were at risk, but failed to point out any examples where it's happened.

"D-Link Systems, Inc. will vigorously defend itself against the unwarranted and baseless charges made by the Federal Trade Commission," the company said in its statement.


Viewing all articles
Browse latest Browse all 12749