FTC: D-Link Failed To Secure Routers, IP Cameras

Status
Not open for further replies.

memadmax

Distinguished
Mar 25, 2011
2,492
0
19,960
And this is why DLink is the very bottom of the barrel...

If I had a bricked router and only a DLink was available to replace it,

I would stick with the bricked router...
 

wiyosaya

Distinguished
Apr 12, 2006
915
1
18,990
Maybe, just maybe manufacturers of devices like this and IoT products will start taking security seriously. At least until then, IoT or other devices like this are a no go for me.
 


Because the FTC's mandate is to protect the consumer by preventing fraud, deception, and unfair business practices in the marketplace. Hard coded backdoors facilitate fraud and deception.
 

alextheblue

Distinguished
That's a shame. D-Link used to be quite good. I had a DGL-4300 gaming router back in the day that handled gobs of traffic and tons of simultaneous connections better than any router in it's price class. You could have roommates torrenting and streaming like there was no tomorrow, and still enjoy reliable, low-latency gaming. Security was also decent, and they were good about updates. Unfortunately, that was a long time ago and they have slipped in a number of regards.

Anyway, as far as security lapses go, D-Link is far from the only one. With routers there's only a handful of decent firms, the rest are questionable at best. The situation with IP cameras is even worse. Probably 90% of affordable home cameras have more holes than swiss cheese. So I'm not sure why the FTC has such a hard-on for D-Link, but not others. Maybe they want to make an example out of a high-profile firm first?
 

cbsecurity

Commendable
Jan 6, 2017
5
0
1,510
This could be a good thing on one hand. If FTC and other government orgs are going to take a more involved approach to InfoSec like this, then by all means. But it gets dicey when you mix business with standardization. D-Link is hardly a big player in that sense, but money and government are a difficult mix and once the regulatory bodies start scratching at the real industry players, especially those that are big political donors, will we see equal treatment? I hope so, because I actually applaud this FTC case against D-Link. Just hoping we see more of this down the road, as reinforcement of what InfoSec is all about and that the threats are real.
 

razor512

Distinguished
Jun 16, 2007
2,130
68
19,890
Now they need to go after the companies that release IOT devices where they prevent all local access, and then as soon as a new model is released, the old cloud reliant devices stop getting updates for security issues.

The whole making a product completely cloud reliant, is done for business purposes, and not technical ones. This is largely to have additional bargaining power over the consumer. For example, suppose you like amazon video, and they change the rates, or screw up the service, you can easily switch to netflix at no switching cost (just replace an app or use a different website and you are good to go. On the other hand, you spend a few hundred dollars on some cloud reliant IOT cameras, and they decide that your monthly service fee to access and record content from your camera, is going up by $10, then you can't easily switch, you are instead stuck deciding between accepting a price increase, or effectively bricking hundreds of dollars of equipment.

They should not be allowed to maintain such an anti-consumer business model, while also being able to not take responsibility for the problems it causes.

If they are going to take the service life control out of the hands of the consumer, then they should be held accountable for the security. That means with the average security camera offering a 20 year service life, they should have to maintain the products for at least 20 years.
 
Status
Not open for further replies.