Judge Kills FTC Lawsuit Against D-Link for Flimsy Security Back in January, you might recall that the FTC sued hardware vendor D-Link for adequately failing to secure the company's home networking hardware. According to the original FTC complaint, an agency inquiry found that while D-Link PR material consistently claimed the highest security standards, little to nothing was done by the company to eliminate a number of "well-known and easily preventable security flaws" that potentially put millions of residential consumers at risk. The flaws, found in both D-Link routers and cameras, included:

• "Hard-coded" login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed. • A software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet. • The mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and • Leaving users' login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information. But a Judge has now dismissed the FTC's case (pdf, hat tip to the fine folks at the Consumerist), claiming that the FTC failed to provide enough specific examples of harm done to consumers, or specific instances when the routers in question were breached. “The FTC does not identify a single incident where a consumer’s financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the [D-Link] devices,” wrote the Judge. “The absence of any concrete facts makes it just as possible that [D-Link]’s devices are not likely to substantially harm consumers, and the FTC cannot rely on wholly conclusory allegations about potential injury to tilt the balance in its favor.” Of course that doesn't mean D-Link's products were secure, just that the FTC did a piss poor job presenting the case, or citing more clear examples of consumer harm. But default credentials are among the worst habits of many hardware vendors, and have been routinely abused by hackers for years. And D-Link isn't alone when it comes to half-assed security; the FTC settled a similar case against Asus Of course that doesn't mean D-Link's products were secure, just that the FTC did a piss poor job presenting the case, or citing more clear examples of consumer harm. But default credentials are among the worst habits of many hardware vendors, and have been routinely abused by hackers for years. And D-Link isn't alone when it comes to half-assed security; the FTC settled a similar case against Asus back in early 2016







News Jump Comcast Shuts Off Internet for Subs Who Were Sold Service Illegally; AT&T, Verizon Team To Stop T-Mobile 5G; + more news California Defends Its Net Neutrality Law; AT&T's Traffic Up 20% Despite Data Traffic Actually Being Down; + more news Are The Comcast-Charter X1 Talks Dead In The Water?; AT&T May Offer Phone Plans With Ads For Discounts; + more news Europe's Top Court: Net Neutrality Rules Bar Zero Rating; ViacomCBS To Rebrand CBS All Access As Paramount+; + more news Verizon To Buy Reseller TracFone For $7B; 5G Not The Competitive Threat To Cable Many Thought It Would Be; + more news MS.Wants Records From AT&T On $300M Project; Google Fiber Outages In Austin, Houston, Other Texan Cities; + more news States With The Biggest Decreases In Speed; AT&T Hopes You'll Forget Its Fight Against Accurate Maps; + more news AT&T's CEO Has A Familiar $olution To US Broadband Woes; EarthLink Files Suit Against Charter; + more news 5G Doesn't Live Up To Hype, AT&T's 5G Slower Than Its 4G; Cord-Cutting Now In 37% of Broadband Households; + more news FCC Cited False Broadband Data Despite Warnings; ZTE, Huawei Replacement Cost Is $1.87B, But Only $1B Allocated; + more ---------------------- this week last week most discussed

Most recommended from 21 comments



Economist

The economy, stupid

Premium Member

join:2015-07-10

united state ·AT&T FTTP

10 recommendations Economist Premium Member So if I market... ...a chainsaw juggling set to kids, claiming it the world’s safest toy, the FTC has to wait for bloody limbs before saying, “Woe, stop the clock!”



The facts are simple, D-link advertised something that was not true, unfortunately many judges are dim.

Rogue Wolf

voted for you for GOAT

join:2003-08-12

Troy, NY 4 recommendations Rogue Wolf Member "No harm, no foul"? hit anyone!". Just waiting for some maniac to open fire on a school with an assault rifle, then try to claim "it's not like Ianyone!".

w0g

o.O

join:2001-08-30

Springfield, OR 2 edits 3 recommendations w0g Member actually a good case here's the reason the FTC case was good enough. D-link was obviously using very deceptive marketing, which was not anywhere near inline with how they actually built their products. they do not actually invest the money to claim their products are 'secure.' therefore it's baseless marketing in action, where the company makes a patently untrue claim amongst perhaps many, in order to bolster sales and profits, and build their brand even if their actual products are not backed by the marketed standards and quality. D-link knows that they can sell more products by merely producing marketing that appeals to citizens, which gives them false beliefs, and induces purchases. the incentive to lie to boost profits is very high.



D-link marketers: made up of psychologists who specialize in controlling the world view of people, telling peoples brains a lie.

D-link hardware/software guys: building products using standard components on the market available to all vendors such as Broadcom chips, Linux OS, without actual investment of time, effort or money as the marketers spin. rradina

join:2000-08-08

Chesterfield, MO 3 recommendations rradina Member Perhaps New Law Needed Why isn't this like auto-manufactures that fix defects even though no harm has come to consumers?