The Federal Trade Commission has
charged equipment manufacturer D-Link Corporation with failing to adequately secure its wireless routers and Internet cameras.
The company, which sells networking equipment that allows people
to monitor their homes and businesses remotely, allegedly "failed to take steps to address well-known and easily preventable security flaws," the FTC says. For instance, D-Link allegedly left users'
logins for the mobile app "unsecured in clear, readable text on their mobile devices," according to the agency.
"As a result of defendants’ failures, thousands of defendants’
routers and cameras have been vulnerable to attacks that subject consumers’ sensitive personal information and local networks to a significant risk of unauthorized access," the FTC alleged in a
complaint filed Thursday in U.S. District Court for the Northern District of California.
FTC consumer education specialist Ari Lazarus said in a blog post that the alleged security flaws enabled hackers to "use a special search engine to find
vulnerable devices over the internet and get their IP addresses."
After doing so, hackers could "gain access to people’s sensitive data, including tax returns and other financial
information."
D-Link, based in Taiwan, said in a statement that it will "vigorously defend itself against the unwarranted and baseless charges."
The company also noted that the FTC
doesn't allege that any D-Link Systems devices suffered a security breach. "Instead, the FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege, as it must, that actual
consumers suffered or are likely to suffer actual substantial injuries," the company added.
The FTC has previously brought at least two cases related to security and the Internet of Things. In
2013, the FTC alleged that Trendnet's didn't adequately secure its IP cameras.
And last year, the agency said Asus routers contained security
flaws that created privacy risks. Both of those companies settled the charges.