Network device and solutions manufacturer D-Link has announced the creation of a comprehensive software security program to meet a requirement of the U.S. Federal Trade Commission (FTC). Experts in system audits note that the FTC's lawsuit against D-Link claims the company does not have the necessary security measures to protect its users from malicious hackers.
Routers are often the most common access point for internet threat actors. Most of the time, these devices do not have the necessary protections, which makes them vulnerable to exploitation of security flaws. As a result, hackers can compromise the router as well as the devices connected to it.
Wireless network security is an issue that has kept system audit specialists busy recently, especially as the cybersecurity community reports new security vulnerabilities of multiple types, such as remote code execution, authentication failures, and more.
In the case of D-Link, the FTC charged the company over poor security measures on its routers, IP cameras, and other IoT devices. According to the FTC, the company made multiple security errors: it bypassed a series of anti-hacking tests on its computers, did not include protection against known vulnerabilities, and did not release regular updates.
As if that wasn’t enough, D-Link mistakenly leaked its private code-signing keys; hackers with access to this information could have signed a malware variant to bypass anti-malware solutions.
In addition to implementing a new cybersecurity strategy, D-Link will need to monitor each of its products for security errors, release automatic firmware updates, and receive vulnerability reports from trusted sources.
On previous occasions, the FTC has imposed similar measures on other companies. According to system audit experts from the International Cyber Institute of Security (IICS), the Commission imposed similar sanctions against Asus because of its poor router security measures. The company must undergo external security audits every two years for a period of 20 years.