Cybersecurity Slackers??

 

Just yesterday we told you about the Unites States Federal Trade Commission (FTC) filing a complaint against D-Link for their lax security. This is not the first time the FTC has stepped in and filed a complaint against a software/hardware manufacturer for disregarding consumer privacy and security.

The FTC had also filed complaints against TRENDnet and ASUS (aka ASUSTeK Computer). The TRENDnet case stemmed from 2013 and involved Internet Protocol (IP) cameras lacking the ability to “REASONABLY SECURE ITS IP CAMERAS AGAINST UNAUTHORIZED ACCESS”. The FTC specifically took exception to the trade-name SecurView and use of the words “Secure”, “Protect”, and a sticker displaying  a lock picture and the word “SECURITY”. Now I know what you’re thinking, this is only a ‘complaint’ and the FTC probably doled out a spanking to TRENDnet and that was that. In reality, the final FTC settlement from 2014 required TRENDnet to:

“obtain third-party assessments of its security programs every two years for the next 20 years”,

“notify customers about the security issues with the cameras and the availability of a software update to correct them, and to provide customers with free technical support for the next two years to assist them in updating or uninstalling their cameras”,

stop “misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit. In addition, the company is barred from misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.”, and

“establish a comprehensive information security program designed to address security risks that could result in unauthorized access to or use of the company’s devices, and to protect the security, confidentiality, and integrity of information that is stored, captured, accessed, or transmitted by its devices.”

In the ASUS complaint (2016) the FTC alleged “critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers’ insecure “cloud” services led to the compromise of thousands of consumers’ connected storage devices, exposing their sensitive personal information on the internet.”

The settlement required ASUS to:

“notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through email, text message, or push notification)”,

stop “misleading consumers about the security of the company’s products, including whether a product is using up-to-date software”, and

“establish and maintain a comprehensive security program subject to independent audits for the next 20 years”

It can be a scary world out there with every Tom, Dick, and Harry claiming your data is secured and private. If you really want peace of mind isn’t it about time you-

#ComeBackToBlack!

 

 

Rob

kayaker co-pilot Tucson, it's a dry heat!

  • Prem_Watsapp

    Home router security and “security” camera “security” are either non-existent or a total joke…

    Updates aren’t being pushed. You’re lucky to get a “bug fix” half a year or a year after release. And that’s about it. Don’t count on patching Heartbleed & Co, Linux buffer overflows, remote access vulnerabilities and all that other stuff getting fixed timely or getting fixed at all….

    After all, you’re just a consumer, and they’ve got your money already… ;-D

Top