Posted January 6, 2017 Quote The United States Federal Trade Commission (FTC) has filed a lawsuit against D-Link, claiming the company put thousands of customers at risk of unauthorised access by failing to secure its IP cameras and routers, after security vulnerabilities were discovered last year. The lawsuit [...], filed in the District Court in San Francisco on January 5, claims that D-Link "repeatedly have failed to take reasonable software testing and remediation measures to protect their routers and IP cameras against well-known and easily preventable software security flaws" in several of its Internet of Things (IoT) devices. Specifically, the FTC said these alleged security failures amounted to D-Link hard-coding login credentials or backdoors that allowed unauthorised access to live feeds in its camera software; mishandling its own software private sign-in key code so it was exposed online for around six months; failing to take reasonable steps to prevent a known vulnerability allowing attackers to remotely control and send commands to routers; and failing to use free software that has been available since 2008 to secure its users' app logins, instead storing them in clear, readable text on users' mobile devices. http://www.zdnet.com/article/ftc-files-lawsuit-against-d-link-for-router-and-camera-security-flaws/ Link to the lawsuit (PDF): https://www.ftc.gov/system/files/documents/cases/170105_d-link_complaint_and_exhibits.pdf Link to FTC's press release: https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate The FTC alleges that D-Link coded backdoor logins in their routers and cameras. D-Link's own private key was also leaked online, putting virtually all devices at risk. TO add to that, login credentials were stored in plaintext if you accessed the interface off of a mobile device. Its also ironic, since D-Link knew about the vulnerabilities and still falsely promoted their devices as secure. Honestly, let the D-Link needs to own up to its failures, this isn't acceptable by any means. Here's what the FTC has in store for them: Quote The FTC is seeking a permanent injunction to prevent D-Link from engaging in unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act, as well as legal costs and any other equitable relief the court deems appropriate. ▶ Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. - Einstein◀ Please remember to mark a thread as solved if your issue has been fixed, it helps other who may stumble across the thread at a later point in time. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted January 6, 2017 Another example of why having a key that unlocks encryption or allows access to a supposed secure system is retarded. No suprises here. If you want to reply back to me or someone else USE THE QUOTE BUTTON! Pascal laptops guide Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted January 6, 2017 Author Just now, Castdeath97 said: Another example of why having a key that unlocks encryption or allows access to a supposed secure system is retarded. No suprises here. And the fact that credentials were stored in plaintext? D-Link just dropped the ball. Secondly, what about the implications of spying? If D-Link has a backdoor to access its cameras and routers, who's stopping them from watching? Luckily, I don't use D-Link cameras. ▶ Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. - Einstein◀ Please remember to mark a thread as solved if your issue has been fixed, it helps other who may stumble across the thread at a later point in time. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted January 6, 2017 guys, big news: Dlink security blows chunks. it's been like this since wireless N first came arount, i've yet to encounter a budget D-link wireless router that can actually do WPA2 without crashing. before we switched to something that could actually be secured we had a white van parked next to our house like once a month. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted January 6, 2017 Feels good that im not using any consumer network gear, Thank god my old d-link router died and i get replacement. So now essential everyone have access to your IP cameras ... the government, the pedo down the street. Magical Pineapples