https://community.isc2.org/t5/Industry-News/D-Link-Settles-on-Hardcoding-Credentials/m-p/24583#M3103 <P>Router and webcam maker D-Link has <A href="https://www.ftc.gov/news-events/press-releases/2019/07/d-link-agrees-make-security-enhancements-settle-ftc-litigation" target="_blank" rel="noopener">agreed</A> to implement a new security program to settle charges dating back to 2017 that it failed to safeguard its hardware against well-known and preventable hacks and misrepresented its existing security regimen.</P><P>&nbsp;</P><P>Specific shortcomings cited by the FTC included:</P><P>&nbsp;</P><UL><LI>hard-coded login credentials on its D-Link camera software that used easily guessed passwords</LI><LI>storing mobile app login credentials in human-readable text on a user’s mobile device</LI><LI>expressly or implicitly describing its hardware as being secure from unauthorized access</LI></UL><P>and</P><UL><LI>repeatedly failing to take reasonable testing and remediation measures to protect hardware from well-known and easily preventable software security flaws</LI></UL> Mon, 09 Oct 2023 09:15:08 GMT AppDefects 2023-10-09T09:15:08Z https://community.isc2.org/t5/Industry-News/D-Link-Settles-on-Hardcoding-Credentials/m-p/24583#M3103 <P>Router and webcam maker D-Link has <A href="https://www.ftc.gov/news-events/press-releases/2019/07/d-link-agrees-make-security-enhancements-settle-ftc-litigation" target="_blank" rel="noopener">agreed</A> to implement a new security program to settle charges dating back to 2017 that it failed to safeguard its hardware against well-known and preventable hacks and misrepresented its existing security regimen.</P><P>&nbsp;</P><P>Specific shortcomings cited by the FTC included:</P><P>&nbsp;</P><UL><LI>hard-coded login credentials on its D-Link camera software that used easily guessed passwords</LI><LI>storing mobile app login credentials in human-readable text on a user’s mobile device</LI><LI>expressly or implicitly describing its hardware as being secure from unauthorized access</LI></UL><P>and</P><UL><LI>repeatedly failing to take reasonable testing and remediation measures to protect hardware from well-known and easily preventable software security flaws</LI></UL> Mon, 09 Oct 2023 09:15:08 GMT https://community.isc2.org/t5/Industry-News/D-Link-Settles-on-Hardcoding-Credentials/m-p/24583#M3103 AppDefects 2023-10-09T09:15:08Z