FTC sues D-Link over router and camera security flaws

Share This Page

If you’ve got a wireless network, your wireless router connects your computer and other devices to the internet. If it’s reasonably designed and configured, the router also is a gate that should prevent hackers from accessing your devices and data. Hackers have used unsecured internet-connected devices, like routers and cameras, to steal people’s data, spy on their activities, and even bring down important websites. So it’s pretty important that routers – key connections to the internet – are secured, right?

The FTC thinks so, which is why today we’re suing the makers and distributors of D-Link products, for failing to take reasonable steps to secure their routers and IP cameras.

D-Link claimed its routers were “EASY TO SECURE” with “ADVANCED NETWORK SECURITY,” but the FTC says the company failed to protect its routers and cameras from widely known and reasonably foreseeable risks. According to the FTC’s complaint, hackers could use a special search engine to find vulnerable devices over the internet and get their IP addresses. After that, the FTC says it was pretty simple to gain access to people’s sensitive data, including tax returns and other financial information. 

The complaint also says security gaps could allow hackers to watch and record people on their D-Link cameras without their knowledge, target them for theft, or record private conversations.

These tips can help you secure your router:

  • Before you buy or replace a device, do research online. Use search engines to find reviews, but be skeptical about the source of the information. Is it from an impartial security expert, a consumer, or the company itself?
  • Download the latest security updates. To be secure and effective, update the software that comes with your device. Check the manufacturer’s website regularly for new software and updates.
  • Change your pre-set passwords. Change the device’s default password to something more complex and secure.

There are additional steps you can take to help keep your IP camera secure.

Comments

I have had a D-Link router for several years. I have been hacked several times. I did not know that there was a problem.

Are bank cameras security systems safe?

Yes, the CCTV systems in banks are very different from IP cameras for consumer use.

Most systems recording the video on the back-end are the same unpatched, un-maintained little linux servers that they just make into the camera direct now on tiny computers. They are just as vulnerable, but usually hidden inside a firewall somewhere inside the company network. Don't trust any of the camera equipment vendors, big ones are just as lazy as the no-name ones to fix reported security issues.

Thank goodness I have had my cameras hacked.

Please let me know what to do about the situation thank you

It would help tremendously if you could cite a reliable independent reviewing source. I'm not convinced Consumer's Union has the technical savvy to do deep security analysis, and most others have a stake in the outcome (advertising income if nothing else). It's also important to distinguish default product firmware from the open-source installable versions on some devices, and to enumerate the optimal settings for each box as well as reviewing its as-shipped default configuration. There must be people doing that kind of work, but finding and recovery using them is tough without so.e sort of certification/endorsement mechanism...

So Is the FTC going to sue Car Makers for having internet access? States for hacking into Insurance company data bases... oops I mean Health care exchanges controlling Databases at insurance companies. Banks for reporting private transactions to the Government?

How does the FTC determine what is REASONABLE DESIGN? What responsibility does the user have?? The end result of this will be Lifespan Limits on Hardware. As soon as a hack is available for a device, the manufacturer will have to remotely SHUT it OFF to protect themselves from lawsuits.

No Thank You FTC.

I own a D-Link router thru Optimum. I've been hacked repeatedly, and paid $300 each time to "MS techs". What can FTC do to help me?

You can't blame your router for a ransom ware attack. Those are almost always caused by clicking a malicious link.

how can i tell if my wifi enabled security cams to router are being hacked if I use updated security protocol, modem, router, and internet security? I hear odd beeps near home and now see stripes at times on a cam is this a sign?

Do we see any of the money for the suit? like since I have a D-Link DIR-885L $299.00 Router & A D-Link $145.00 Camera which has been hacked, do we get our money back or is this something we the consumer never see and just goes into the governments pocket?

This blog announces the lawsuit being filed. To learn what happens in the case, look for updates on the case page.

I can think of more severe issues that the FTC should be investigating, including the current craze of ensuring vehicles are connected in various ways to the Internet. Router security pales in comparison to the mischief and malicious acts that can be directed at vehicles these days. But I guess it's easier to go after a foreign company than it is to force American companies to get serious about security in their vehicles.

Typical.

The recent spate of IoT attacks that took down the internet are precisely why the FTC is taking this seriously.

Well, they are both incredibly important topics. I believe it is good the FTC is going after repeat offenders, which will could very well set a precedent throughout the market, including encouraging car manufacturers to secure their products better.

Having secure internet facing devices is incredibly important in stopping these large scale infrastructure attacks that have been up-ticking substantially these past few years.

Routers are the gatekeepers to entire networks of information and I applaud the FTC for making an example of D-Link. The security of these devices as a whole is pretty bad, google it. And cars don't need to be connected to the internet to be hacked, google that one too.

I thought it was the responsibility of the ISP to install updates on users routers as they become available.

I have a D-link router that I thought was secure. Which D-link routers are insecure?

@Biker They're going after the most actively exploited threats first. In this case, DLink routers made up a sizable chunk of the Mirai Botnet's arsenal, which where exploited via plain-text backdoors DLink left in their routers that gave direct access to the administrative panel and from there they could do anything and they did.

We live in complex with wifi. My problem is thur TWC getting router imformation now most of my electronics will not work. what can i do to get my life back file police report and now working with FBI. Do not need a DLink did same to me also.

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.