Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Jimmy H. Koo
Taiwan-based D-Link Corp. and its U.S. subsidiary D-Link Systems Inc. put U.S. consumer privacy at risk by failing to take reasonable steps to secure the wireless routers and webcams they sold, the FTC alleged in a Jan. 5 federal court complaint ( FTC v. D-Link Corp. , N.D. Cal., No. 3:17-cv-00039, complaint filed 1/5/17 ).
Companies engaged in the exploding internet of things (IoT) market that produces devices linked to the web have been on notice from commission statements and the insights of attorney analysts that the FTC intended to turn enforcement attention to them this year. The D-Link court filing in the U.S. District Court for the Northern District of California is the first concrete evidence of that focus in 2017.
D-Link Systems President William Brown told Bloomberg BNA Jan. 5 that the company “denies the allegations outlined in the complaint and is taking steps to defend the action.” Brown said that the security of D-Link’s products and the protection customers’ private data “is always our top priority.”
With the rise of ubiquitous internet connectivity, the number of IoT devices—including routers, webcams and other connected devices—is expected to increase up to 50.1 billion by 2020. In October, cybercriminals took advantage of security vulnerabilities in connected devices to launch a distributed denial-of-service attack that shut down numerous websites, including Netflix Inc. and Twitter Inc., by overloading them with traffic.
Privacy and security attorneys previously told Bloomberg BNA that the FTC will likely turn its attention to data security cases involving IoT in 2017.
According to the FTC’s complaint D-Link promoted the security of its routers as “easy to secure” and that they provided “advanced network security.”
The complaint asserted that the company violated Section 5 of the FTC Act by unfairly treating consumers through lax data security and also by misrepresenting to consumers the security of its products.
However, the FTC alleged, that the D-Link’s products had many “well-known and easily preventable security flaws,” including “hard-coded” login credentials—such as username “guest” and password “guest”—integrated into camera’s software, which could grant unauthorized access to the camera’s live feed. The company’s software also contained a flaw that could allow remote hackers to take control of the routers, the FTC said.
“By using a compromised camera, an attacker could monitor a consumer’s whereabouts in order to target them for theft or other crimes, or watch and record their personal activities and conversations,” the FTC said in a statement.
This isn’t the first time that the FTC has taken action over router data security. In July, the FTC finalized an administrative settlement with Taiwan-based ASUSTeK Computer Inc. over allegations that security flaws in the company’s router put consumers’ home networks at risk.
The FTC is represented by Cathlin Tully. Counsel for D-Link couldn’t be immediately identified.
To contact the reporter on this story: Jimmy H. Koo in Washington at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Full text of the complaint is available at http://www.bloomberglaw.com/public/document/Federal_Trade_Commission_v_DLink_Corporation_et_al_Docket_No_317c.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)