Router and webcam maker D-Link has agreed to implement a new security program to settle charges it failed to safeguard its hardware against well-known and preventable hacks and misrepresented its existing security regimen.
Tuesday’s agreement settles a 2017 complaint by the US Federal Trade Commission that alleged D-Link left thousands of customers open to potentially costly hack attacks. The hardware maker, the FTC said, failed to test its gear against security flaws ranked among the most critical and widespread by the Open Web Application Security Project. The 2017 suit also said that, despite the lack of testing and hardening of its products, D-Link misrepresented its security regimen as reasonable.
Specific shortcomings cited by the FTC included: