FTC settles with device maker D-Link, requires 'comprehensive' security effort

FTC settles with device maker D-Link, requires 'comprehensive' security effort: Device manufacturer D-Link Systems has agreed to implement a “comprehensive software security program” to settle Federal Trade Commission charges that the company exposed customer data to hackers while advertising top-of-the-line security measures. D-Link will not pay any financial penalties as part of the settlement, but its manufacturing process will have to threat modeling; tests for security bugs prior to a product’s release; ongoing device monitoring to address flaws; automatic firmware updates; and the acceptance of vulnerability reports from researchers. The government’s litigation against the Southern California company, which makes wireless routers and smart cameras, began in 2017. Regulators found that D-Link, despite billing its products as having “advanced network security,” actually failed to test them and did not remediate “well known and preventable security flaws.” That same year, researchers found 10 vulnerabilities in a single D-Link router model that could have been exploited to take over a device. Under the settlement, the company also will be subject …

explicita