Networking vendor D-Link, which this week was sued by the US Federal Trade Commission (FTC) over alleged security issues in its routers and IP cameras, blasted the FTC for insinuating potential security issues rather than pointing out specific instances where customer privacy was breached.
The FTC filed a complaint in the Northern District of California on Thursday which charged Taiwan-based D-Link and D-Link Systems, its US subsidiary, with failing to take "reasonable steps to secure its routers and Internet Protocol (IP) cameras" and possibly compromising sensitive consumer information "including live video and audio feeds from D-Link IP cameras."
According to the FTC, D-Link failed to take steps to address "well-known and easily preventable security flaws." Among the alleged missteps were hard-coding the username "guest" and password "guest" into some products, allowing a software flaw that could let unauthorised users take control of routers, making a private key code for the D-Link software openly available on a public website for six months, and leaving users' login credentials for the company's mobile app unsecured.
D-Link was unable to provide a company executive to discuss the FTC action, citing executive travel schedules related to CES 2017.
In a prepared statement, D-Link Systems said it rejects the FTC’s allegations and firmly believes it has "more than reasonable" security processes and procedures including procedures to address potential security issues, which the company said exist in all of its internet of things (IoT) devices.
The company also said the FTC did not allege any breach of a D-Link Systems device or actual instances of consumers suffering, but instead focused on the potential of being hacked.
The FTC charges against D-Link Systems are unwarranted, said William Brown, chief information security officer at D-Link Systems, in the statement.
"We will vigorously defend the security and integrity of our routers and IP cameras and are fully prepared to contest the complaint. Furthermore, we are continually working to address the overall security features of D-Link Systems' products for their intended applications and to regularly inform consumers of the appropriate steps to take to secure devices.," Brown said.
D-Link late Thursday posted an online FAQ to address specific allegations in the FTC complaint.
In the FAQ, the company said it maintains procedures to address the kind of potential security issues that exist in all IoT devices and said the FTC must allege that actual consumers were harmed or could suffer actual injuries.