Do you use one of the most popular internet routers on the market?
The Feds warn if you do, “poor security may allow hackers into your life in ways you may have never imagined.”
Per the FTC, which today filed a formal complaint against the D-Link company stating:
“D-Link promoted the security of its routers on the company’s website, which included materials headlined “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.”
But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well-known and easily preventable security flaws, such as:
- “hard-coded” login credentials integrated into D-Link camera software — such as the username “guest” and the password “guest” — that could allow unauthorized access to the cameras’ live feed
- a software flaw known as “command injection” that could enable remote attackers to take control of consumers’ routers by sending them unauthorized commands over the Internet
- the mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months
- leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information.
According to the complaint, hackers could exploit these vulnerabilities using any of several simple methods. For example, using a compromised router, an attacker could obtain consumers’ tax returns or other files stored on the router’s attached storage device. They could redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.
The full FTC Complaint is HERE.