The FTC has filed a complaint against D-Link, a computer networking equipment manufacturer, for failing to take reasonable steps to protect the security measures of its baby monitors, cameras, and home internet routers.
In D-Link's case, the company said its products are "easy to secure" and offer "advanced network security." But in the reality, the devices contained preventable security flaws open to easy exploitation, the FTC alleges.
Among those flaws were guessable login credentials embedded in D-Link camera software, using the word "guest" for both the username and password.
In addition, D-Link also failed to patch vulnerabilities in the product software, including a command injection flaw that would have given hackers remote control over a device.
The security flaws could have paved the way for hackers to spy on consumers and steal their data via a compromised web camera or internet router, the FTC claims.
They could also redirect a consumer to a fraudulent website, or use the router to attack other devices on the local network, such as computers, smartphones, IP cameras, or connected appliances.
The FTC alleges that by using a compromised camera, an attacker could monitor a consumer’s whereabouts in order to target them for theft or other crimes, or watch and record their personal activities and conversations.
