D-Link Settles With FTC and Agrees on Security Changes to End Litigation

D-Link agreed to security improvements to settle a 2017 FTC lawsuit, the agency said Tuesday. The commission previously alleged the company's wireless routers and internet cameras were vulnerable to hackers and invasion of users' privacy, an allegation the manufacturer had vowed to fight. Now, it will start "a comprehensive software security program, including specific steps to ensure that its Internet-connected cameras and routers are secure," the agency said. "This includes implementing security planning, threat modeling, testing for vulnerabilities before releasing products, ongoing monitoring to address security flaws, and automatic firmware updates, as well as accepting vulnerability reports from security researchers." D-Link will get biennial third-party assessments of its software security program for 10 years. The pact was filed in U.S. District Court in San Francisco and commissioners approved 5-0. "Security flaws risked exposing users’ most sensitive personal information to prying eyes,” said Consumer Protection Bureau Director Andrew Smith. “Manufacturers and sellers of connected devices should be aware that the FTC will hold them to account for failures that expose user data to risk of compromise.” The company didn't comment.