Router and webcam maker D-Link has agreed to implement a new security program to settle charges dating back to 2017 that it failed to safeguard its hardware against well-known and preventable hacks and misrepresented its existing security regimen.
Specific shortcomings cited by the FTC included:
hard-coded login credentials on its D-Link camera software that used easily guessed passwords
storing mobile app login credentials in human-readable text on a user’s mobile device
expressly or implicitly describing its hardware as being secure from unauthorized access
repeatedly failing to take reasonable testing and remediation measures to protect hardware from well-known and easily preventable software security flaws