The US Federal Trade Commission has accused D-Link of putting thousands of customers at risk by failing to provide adequate security measures in its IoT devices.

Charges filed yesterday say the Taiwanese company failed to take steps to prevent intruders from hacking IoT devices, with the view to steal customer network data or add devices to a larger 'botnet'.

D-Link called the allegations "vague and unsubstantiated".

The filing, made to the US District Court for the Northern District of California, represents a wider FTC campaign to improve the security of connected devices around the home, including webcams, routers, security cameras and other smart home technology.

The complaint states D-Link has "failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorised access", and has failed to protect customers against flaws considered "among the most critical and widespread web application vulnerabilities since at least 2007".

D-Link is accused of repeatedly failing to guard against "easily preventable software flaws", including the use of default user credentials, command injection flaws, and backdoors, which would allow the remote hacking of devices.

Specified in the complaint are D-Link's Wireless N 300 Router, N Dual Band Router, and the N Network Camera.