Mon. Nov 18th, 2019

D-Link and the FTC reached an agreement to establish a vulnerability assessment mechanism to accept regular security audits

2 min read

In recent years, there have been major security issues in IoT devices around the world. IoT devices are rarely updated firmware after they are released, so there are flaws. For example, the Internet of Things malware, MIRAI attacked with weak passwords of devices, and many users did not even know the password. In the development of the next few years, the MIRAI variant has been able to exploit the vulnerability of IoT devices to attack and then form a large-scale botnet. Our home routers are also part of the Internet of Things devices, and security problems often occur in the router industry, which poses a great threat to users.

“A handy device”by StillHazy is licensed under CC BY-NC-SA 2.0

This week, the US Federal Trade Commission issued a report saying that it has reached an agreement with D-Link on the prosecution of security issues.
According to the agreement, “Defendants D-Link repeatedly have failed to take reasonable software testing and remediation measures to protect their routers and IP cameras against well known and easily preventable software security flaws,” the FTC complaint says. “In truth and in fact, Defendants did not take reasonable steps to secure their products from unauthorized access.

In addition, routers and cameras must also be able to automatically update the firmware, that is, as long as the device is connected to the network, it can automatically upgrade to the latest firmware.

Finally, D-Link also agreed to accept third-party independent companies for security audits of their software and other firmware every other year for the next ten years.

Via: TheHackerNews