Skip to main content

FTC lawsuit alleges D-Link routers and webcams are vulnerable to attack

d link sued by ftc over wireless product security dir 869 ac1750 exo
Image used with permission by copyright holder
Wireless networking companies need to balance some complex needs. They have to perform well, with strong signal strength and competitive performance and they also have to be secure from intrusion. Some companies are having a harder time than others with accomplishing both.

Most recently, it’s D-Link is in some hot water over an alleged inability to keep their wireless routers and webcams secure. That is particularly egregious, according to the Federal Trade Commission (FTC), because of D-Link’s strong marketing messages around their products’ security, PCMag reports.

The FTC filed a complaint this week that alleges that D-Link’s products can be compromised and let hackers gain access to consumer’s sensitive data. According to the Jessica Rich, director of the FTC’s Bureau of Consumer Protection, “Hackers are increasingly targeting consumer routers and IP [Internet Protocol] cameras. The consequences for consumers can include device compromise and exposure of their sensitive personal information.”

Apparently, the FTC isn’t convinced that D-Link is doing everything it can to lock down its devices. Although the company touts the “advanced network security” of its networking products and promising customers that it is easy to make them secure, the FTC apparently disagrees with that characterization. According to the government agency, D-Link’s products suffer from “easily preventable” security issues such as insecure guest logins on its cameras, vulnerabilities to a variety of hacking methods, using unencrypted login credentials, and more.

Potential security breaches open up D-Link customers to a host of problems. The FTC outlined just a few, including “using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network.”

Not surprisingly, D-Link disagrees with the FTC’s assertions. In a statement, the company said, “The FTC has made vague and unsubstantiated allegations relating to routers and IP cameras. Notably, the complaint does not allege any breach of any product sold by D-Link Systems in the U.S.” D-Link has also served notice that they will be fighting the lawsuit.

D-Link is not the only company to suffer from security concerns. Netgear recently went through its own round of complaints and updates involving serious security breaches with its routers and webcams were at the root of a large distributed denial of service (DDoS) attack that recently took down large swaths of the internet.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more