Tag Archive for: DLink

The FTC’s IoT security case against D-Link will test its power

/in

A Federal Trade Commission attempt to rein in a poorly secured IoT device is raising questions over whether the U.S. regulator has the power to crack down on vendors suspected of shoddy practices.

On Thursday, the FTC filed a complaint against Taiwanese manufacturer D-Link Systems that charged the company’s internet routers and web cameras can easily be hacked, putting consumers at risk.

But the FTC’s complaint doesn’t cite evidence that the products have been breached, only the potential for harm to consumers.

That’s among the reasons D-Link is contesting the complaint. “Notably, the complaint does not allege any breach of a D-Link Systems device,” it said in a statement. 

To read this article in full or to leave a comment, please click here

Network World Security

FTC Files Complaint Against D-Link Over Router, Camera Security Issues – CRN

/in

FTC Files Complaint Against D-Link Over Router, Camera Security Issues
CRN
This is not the FTC's first complaint related to connected device security and internet of things (IoT) products. security. The organization last February settled with Taiwan-based ASUSTeK Computer over security flaws in routers that put hundreds of

and more »

internet security news – read more

D-Link camera can be hijacked to become a spy-cam

/in

D-Link is working to fix a weakness that allows attackers to take over remote control of one of its cameras so they can eavesdrop, and the company is checking whether others of its products have similar vulnerabilities.

The vulnerability allows for the injection of malicious code and forces a password reset, which means attackers can gain remote access to the camera’s feed, thereby enabling eavesdropping, according to Senrio, a startup that monitors devices, scores how vulnerable they are and alerts when it detects suspicious behavior.

It also means that regardless of how strong a password users set up, it can be overridden.

The camera – D-Link DCS-930L Network Cloud Camera – might not be the only device affected by the vulnerability, a spokesperson for Senrio says. “Senrio has also agreed to evaluate a number of additional D-link products to assess if the vulnerability can be found in the firmware in those items,” the spokesperson said in an email.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

No patch for remote code-execution bug in D-Link and Trendnet routers

/in

Home and small-office routers from manufacturers including Trendnet and D-Link are vulnerable to attacks that allow attackers anywhere in the world to execute malicious code on the devices, according to an advisory issued over the weekend.

The remote command-injection bug affects routers that were developed using the RealTek software development kit. That includes routers from Trendnet and D-Link, according to the developer who discovered the vulnerability. There’s no comprehensive list of manufacturers or models that are affected, though more technical users may be able to spot them by using the Metasploit framework to query their router. If the response contains “RealTek/v1.3” or similar, it’s likely vulnerable.

The remote code-execution vulnerability resides in the “miniigd SOAP service” as implemented by the RealTek SDK. Security researcher Ricky “HeadlessZeke” Lawshae reported it to HP’s Zero Day Initiative (ZDI) in August 2013. ZDI, which uses such vulnerability information to block attacks in its line of intrusion prevention services, then reported it to officials inside RealTek. After 20 months of inaction, the HP division disclosed it publicly even though no fix has been released.

Read 2 remaining paragraphs | Comments


Ars Technica » Technology Lab