The Federal Trade Commission has charged equipment manufacturer D-Link Corporation with failing to adequately secure its wireless routers and Internet cameras.
The company, which sells networking equipment that allows people to monitor their homes and businesses remotely, allegedly "failed to take steps to address well-known and easily preventable security flaws," the FTC says. For instance, D-Link allegedly left users' logins for the mobile app "unsecured in clear, readable text on their mobile devices," according to the agency.
"As a result of defendants’ failures, thousands of defendants’ routers and cameras have been vulnerable to attacks that subject consumers’ sensitive personal information and local networks to a significant risk of unauthorized access," the FTC alleged in a complaint filed Thursday in U.S. District Court for the Northern District of California.
FTC consumer education specialist Ari Lazarus said in a blog post that the alleged security flaws enabled hackers to "use a special search engine to find vulnerable devices over the internet and get their IP addresses."
After doing so, hackers could "gain access to people’s sensitive data, including tax returns and other financial information."
D-Link, based in Taiwan, said in a statement that it will "vigorously defend itself against the unwarranted and baseless charges."
The company also noted that the FTC doesn't allege that any D-Link Systems devices suffered a security breach. "Instead, the FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege, as it must, that actual consumers suffered or are likely to suffer actual substantial injuries," the company added.
The FTC has previously brought at least two cases related to security and the Internet of Things. In 2013, the FTC alleged that Trendnet's didn't adequately secure its IP cameras. And last year, the agency said Asus routers contained security flaws that created privacy risks. Both of those companies settled the charges.