Skip to main content

FTC lawsuit alleges D-Link routers and webcams are vulnerable to attack

d link sued by ftc over wireless product security dir 869 ac1750 exo
Image used with permission by copyright holder
Wireless networking companies need to balance some complex needs. They have to perform well, with strong signal strength and competitive performance and they also have to be secure from intrusion. Some companies are having a harder time than others with accomplishing both.

Most recently, it’s D-Link is in some hot water over an alleged inability to keep their wireless routers and webcams secure. That is particularly egregious, according to the Federal Trade Commission (FTC), because of D-Link’s strong marketing messages around their products’ security, PCMag reports.

The FTC filed a complaint this week that alleges that D-Link’s products can be compromised and let hackers gain access to consumer’s sensitive data. According to the Jessica Rich, director of the FTC’s Bureau of Consumer Protection, “Hackers are increasingly targeting consumer routers and IP [Internet Protocol] cameras. The consequences for consumers can include device compromise and exposure of their sensitive personal information.”

Apparently, the FTC isn’t convinced that D-Link is doing everything it can to lock down its devices. Although the company touts the “advanced network security” of its networking products and promising customers that it is easy to make them secure, the FTC apparently disagrees with that characterization. According to the government agency, D-Link’s products suffer from “easily preventable” security issues such as insecure guest logins on its cameras, vulnerabilities to a variety of hacking methods, using unencrypted login credentials, and more.

Potential security breaches open up D-Link customers to a host of problems. The FTC outlined just a few, including “using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network.”

Not surprisingly, D-Link disagrees with the FTC’s assertions. In a statement, the company said, “The FTC has made vague and unsubstantiated allegations relating to routers and IP cameras. Notably, the complaint does not allege any breach of any product sold by D-Link Systems in the U.S.” D-Link has also served notice that they will be fighting the lawsuit.

D-Link is not the only company to suffer from security concerns. Netgear recently went through its own round of complaints and updates involving serious security breaches with its routers and webcams were at the root of a large distributed denial of service (DDoS) attack that recently took down large swaths of the internet.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
D-Link camera falls short in security measures, Consumer Reports finds
d link security camera data privacy consumer reports

Smart home security cameras are supposed to allow you to keep an eye on your home while you're away so strangers don't invite themselves in. But what if those strangers can see what your camera sees? That is possible due to a security flaw in a camera from D-Link, Consumer Reports found.

The D-Link DCS-2630L was one of six home security cameras the publication tested. When it came to the data security and privacy section of the review, the D-Link device came up woefully short. The internet-connected camera can transmit unencrypted video footage across the web. The lack of proper encryption opens up the possibility that a stranger may intercept the transmissions and access the video content.

Read more
Despite serious security flaws, D-Link will (again) not patch some routers
modem vs router plugging in

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company's routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

"The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014," Naked Security reported. Though these are not current models in D-Link's portfolio, many of the listed models are still likely to be in use.

Read more
Is your router vulnerable to attacks? New report says odds aren’t in your favor
ASRock X10 IoT Router

A new study out by the American Consumer Institute shows that 83 percent of routers in the United States are vulnerable to cyberattacks.  The group finds that a majority of those routers have critical security vulnerabilities, primarily due to the lack of firmware updates.

In testing a total of 186 routers from leading manufacturers like Netgear and Linksys, the study found that over 155 were vulnerable to potential cyberattacks. Individually, there were 172 vulnerabilities per router, and 32,003 vulnerabilities in total.

Read more