As part of the settlement, D-Link has promised to implement a new software security program for its routers and Internet-connected cameras. The company has also agreed to subject itself to ten years of biennial security audits from a third-party, independent auditor. The FTC gets to choose the auditor, while D-Link got to decide the certifications the auditor must obtain before allowing it to review its security program.
The settlement stems from a 2017 FTC complaint in which the US agency accused the Taiwanese device maker of leaving hardcoded credentials for its products and mobile apps in their firmware or source code, which opened customers to hacking. The device maker was also happy that it did not receive a fine, which the FTC also often imposes in many settlements.