Friday, January 06, 2017

FTC takes D-Link to court citing lax product security, privacy perils | Network World

See this Wikipedia article for a D-Link company overview.

"According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website, which included materials headlined “Easy to secure” and “Advance network security.” But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:
  • “Hard-coded” login credentials integrated into D-Link camera software -- such as the username “guest” and the password “guest” -- that could allow unauthorized access to the cameras’ live feed; 
  • A software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet; 
  • The mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months; and 
  • Leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information."