Back in January, the US Federal Trade Commission accused D-Link of putting customers in harm’s way with its extremely negligent approach to security. According to the FTC, the company left hundreds of thousands of customers vulnerable to attack by failing to secure their routers and cameras against critical vulnerabilities. At the time, the company denied the allegations, claiming no one had been affected by an actual breach, but that didn’t change the fact that D-Link left crucial security information out in the open for months. Now the company is trying to have the case thrown out of court on the grounds that the US government has no jurisdiction over the company.
A federal judge in San Francisco agreed with that argument today and dismissed the Taiwan-based D-Link Corporation from the case, but the company isn’t quite off the hook yet. In a carefully worded press releasewritten by small government, anti-regulation nonprofit Cause of Action Institute, the case is still proceeding against D-Link Systems, Inc. — the company’s California-based US subsidiary. It’s a minor legal matter, but D-Link and Cause of Action are using the opportunity to drum up some good PR and reiterate that the FTC has yet to show that anyone was actually harmed when the company left a painfully obvious backdoor in its router firmware and exposed devices to potential malware attacks.
The Cause of Action Institute, which is defending D-Link in court, also claimed the FTC’s allegations are “vague and unsubstantiated” even though the company sold IP cameras with hard-coded login credentialsthat anyone could use to view streams and couldn’t be changed by the user. In fact, D-Link’s security flaws are something of a running joke among hackers and security researchers. While the parent company is dodging a bullet here, the US-based subsidiary will still have to contest the complaint in court.