After years of a standoff with the United States Federal Trade Commission, D-Link has agreed to deploy a security program for its routers and webcams by 2030. The measure will still have third-party audits every two years.
The company will also be required to verify security vulnerabilities prior to launching a product. In addition, the company will need to monitor post-availability vulnerabilities in the marketplace and accept reports from third-party researchers.
Problems of the past
According to the director of the FTC, Andrew Smith, the process occurred due to security flaws in routers and IP cameras of the brand, which left sensitive information exposed on the Internet.
“We process D-Link for the security of its routers and IP cameras, and these security breaches have risked exposing users’ most sensitive personal information to prying eyes. Manufacturers and sellers of connected devices should be aware that the FTC will hold them accountable for faults that expose user data to compromise risks. “
Director of the FTC’s Bureau of Consumer Protection
Among problems encountered in D-Link products, they are coding for a single password in the first generations of webcams – with no possibility of change – and storing plain text credentials in the mobile application to log in.
Company remains active
Despite all the problems related to protecting its users, the company continued to launch new network-related products. Among them are EXO routers announced at CES 2019, with a focus on the Internet of Things.