D-Link

Last updated

D-Link Systems, Inc.
FormerlyDatex Systems, Inc. (1986-1992)
Company type Public
TWSE: 2332
Industry Networking hardware
Telecoms equipments
Founded1986;38 years ago (1986)
Headquarters
Taipei
,
Taiwan
Area served
Worldwide
Key people
Victor Kuo (Chairman)
Products
Website www.dlink.com OOjs UI icon edit-ltr-progressive.svg

D-Link Systems, Inc. (formerly Datex Systems, Inc.) is a Taiwanese multinational manufacturer of networking hardware and telecoms equipments. It was founded in 1986 and headquartered in Taipei, Taiwan. [1]

Contents

History

Datex Systems was founded in 1986 in Taipei, Taiwan.

In 1992, the company changed its name to D-Link.

D-Link went public and became the first networking company on the Taiwan Stock Exchange in 1994. It is now also publicly traded on the New York Stock Exchange.

In 1988, D-Link released the industry's first peer-to-peer LANSmart Network Operating System, [2] : 167-168 able to run concurrently with early networking systems such as Novell's NetWare and TCP/IP, which most small network operating systems could not do at the time.

In 2007, it was the leading networking company in the small to medium business (SMB) segment worldwide, with a 21.9% market share. [notes 1] In March 2008, it became the market leader in Wi-Fi product shipments worldwide, with 33% of the total market. [notes 2] In 2007, the company was featured in the "Info Tech 100" list of the world's best IT companies. It was also ranked as the ninth best IT company in the world for shareholder returns by BusinessWeek . [3] In the same year, D-Link released one of the first WiFi Certified   802.11n draft 2.0 Wi-Fi routers (DIR-655), [4] which subsequently became one of the most successful draft 802.11n routers. [5]

In May 2013, D-Link released its flagship draft 802.11ac Wireless AC1750 Dual-Band Router (DIR-868L), which at that point had attained the fastest-ever wireless throughput as tested by blogger Tim Higgins. [6]

In April 2019, D-Link was named Gartner Peer Insights Customers’ Choice for Wired and Wireless LAN Access Infrastructure. [7]

In June 2020, D-Link joined the Taiwan Steel Group.[ clarification needed ]

In 2021, D-Link announced that it had become the agent for international information security brand Cyberbit in Taiwan, and it launched the new EAGLE PRO AI series transforming home Wi-Fi experiences.

In 2022, D-Link obtained the TRUSTe Privacy seal, certification of ISO/IEC 27001:2013 and BS 10012. It also obtained the GHG Part 1 certification of ISO 14064-1 2018. Moreover, D-Link established the "D-Link Group Scholarship" with National Taiwan University of Science and Technology to encourage foreign students to study in Taiwan.

Controversies

Backdoors

D-Link systematically includes backdoors in their equipment that compromise its users security. [8] One of the prominent examples is xmlset_roodkcableoj28840ybtide, which contains the substring roodkcab, which is the word backdoor written backwards. [9]

In January 2013, version v1.13 for the DIR-100 revA was reported to include a backdoor in the firmware. By passing a specific user agent in an HTTP request to the router, normal authentication is bypassed. It was reported that this backdoor had been present for some time. [10] This backdoor however was closed soon after with a security patch issued by the company. [11]

In 2024-06-17 information about CVE-2024-6045 backdoor was disclosed. [12]

Vulnerabilities

In January 2010, it was reported that HNAP vulnerabilities had been found on some D-Link routers. D-Link was also criticized for their response which was deemed confusing as to which models were affected and downplayed the seriousness of the risk. [13] However the company issued fixes for these router vulnerabilities soon after. [14]

Computerworld reported in January 2015 that ZynOS, a firmware used by some D-Link routers (as well as ZTE, TP-Link, and others), are vulnerable to DNS hijacking by an unauthenticated remote attacker, specifically when remote management is enabled. [15] Affected models had already been phased out by the time the vulnerability was discovered and the company also issued a firmware patch for affected devices for those still using older hardware. [16]

Later in 2015, it was reported that D-Link leaked the private keys used to sign firmware updates for the DCS-5020L security camera and a variety of other D-Link products. The key expired in September 2015, but had been published online for seven months. [17] The initial investigation did not produce any evidence that the certificates were abused. [18]

Also in 2015, D-Link was criticized for more HNAP vulnerabilities, [19] and worse, introducing new vulnerabilities in their "fixed" firmware updates. [20]

On 5 January 2017, the Federal Trade Commission sued D-Link for failing to take reasonable steps to secure their routers and IP cameras, as D-Link marketing was misleading customers into believing their products were secure. The complaint also says security gaps could allow hackers to watch and record people on their D-Link cameras without their knowledge, target them for theft, or record private conversations. [21] D-Link has denied these accusations and has enlisted Cause of Action Institute to file a motion against the FTC for their "baseless" charges. [22] On 2 July 2019, the case was settled with D-Link not found to be liable for any of the alleged violations. [23] D-Link agreed to continue to make security enhancements in its software security program and software development, with biennial, independent, third-party assessments, approved by the FTC. [24]

On 18 January 2021 Sven Krewitt, researcher at Risk Based Security, discovered multiple pre-authentication vulnerabilities in D-Link's DAP-2020 Wireless N Access Point product. [25] D-Link confirmed these vulnerabilities in a support announcement and provided a patch to hot-fix the product's firmware. [26]

In April 2024, D-Link acknowledged a security vulnerability that affected all hardware revisions of four models of network attached storage devices. Because the products have reached their end of service life date, the company stated in a release that the products are no longer supported and that a fix would not be offered. [27]

Server misuse

In 2006, D-Link was accused of NTP vandalism, when it was found that its routers were sending time requests to a small NTP server in Denmark, incurring thousands of dollars of costs to its operator. D-Link initially refused to accept responsibility. [28] Later, D-link products were found also to be abusing other time servers, including some operated by the US military and NASA. [29] However, no malicious intent was discovered, and eventually D-Link and the sites owner Poul-Henning Kamp were able to agree to an amicable settlement regarding access to Kamp's GPS.Dix.dk NTP Time Server site, with existing products gaining authorized access to Kamp's server. [30]

GPL violation

On 6 September 2006, the gpl-violations.org project prevailed in court litigation against D-Link Germany GmbH regarding D-Link's inappropriate and copyright infringing use of parts of the Linux kernel. [31] D-Link Germany GmbH was ordered to pay plaintiff's costs. [32] Following the judgement, D-Link agreed to a cease and desist request, ending distribution of the product, and paying legal costs. [33]

See also

Related Research Articles

<span class="mw-page-title-main">Wi-Fi</span> Wireless local area network

Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. These are the most widely used computer networks, used globally in home and small office networks to link devices and to provide Internet access with wireless routers and wireless access points in public places such as coffee shops, hotels, libraries, and airports.

<span class="mw-page-title-main">Wireless access point</span> Device that allows wireless devices to connect to a wired network

In computer networking, a wireless access point (WAP) is a networking hardware device that allows other Wi-Fi devices to connect to a wired network or wireless network. As a standalone device, the AP may have a wired or wireless connection to a switch or router, but in a wireless router it can also be an integral component of the networking device itself. A WAP and AP is differentiated from a hotspot, which can be a physical location or digital location where Wi-Fi or WAP access is available.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

Linksys Holdings, Inc., is an American brand of data networking hardware products mainly sold to home users and small businesses. It was founded in 1988 by the couple Victor and Janie Tsao, both Taiwanese immigrants to the United States. Linksys products include Wi-Fi routers, mesh Wi-Fi systems, Wifi extenders, access points, network switches, and Wi-Fi networking. It is headquartered in Irvine, California.

<span class="mw-page-title-main">Captive portal</span> Web page displayed to new users of a network

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement/acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.

<span class="mw-page-title-main">AirPort Extreme</span> Residential gateway

AirPort Extreme is a line of residential gateways made by Apple Inc. that combine the functions of a router, network switch, wireless access point and NAS as well as varied other functions. It is one of Apple's former AirPort products. The latest model, the 6th generation, supports 802.11ac networking in addition to older standards. Versions of the same system with a built-in network-accessible hard drive are known as the AirPort Time Capsule.

<span class="mw-page-title-main">AirPort Express</span> Wi-Fi base station by Apple

The AirPort Express is a discontinued Wi-Fi base station product from Apple Inc., part of the AirPort product line. While more compact and in some ways simpler than another Apple Wi-Fi base station, the AirPort Extreme, the Express offers audio output capability the Extreme lacks. The AirPort Express was the first AirPlay device to receive streamed audio from a computer running iTunes on the local network. AirPort Express outperforms the stringent requirements of the ENERGY STAR Program Requirements for Small Network Equipment (SNE) Version 1.0.

Netgear, Inc., is an American computer networking company based in San Jose, California, with offices in about 22 other countries. It produces networking hardware for consumers, businesses, and service providers. The company operates in three business segments: retail, commercial, and as a service provider.

<span class="mw-page-title-main">Wireless router</span> Computer networking device

A wireless router or Wi-Fi router is a device that performs the functions of a router and also includes the functions of a wireless access point. It is used to provide access to the Internet or a private computer network. Depending on the manufacturer and model, it can function in a wired local area network, in a wireless-only LAN, or in a mixed wired and wireless network.

<span class="mw-page-title-main">Ralink</span> Wi-Fi chipset manufacturer

Ralink Technology, Corp. is a Wi-Fi chipset manufacturer mainly known for their IEEE 802.11 chipsets. Ralink was founded in 2001 in Cupertino, California, then moved its headquarters to Hsinchu, Taiwan. On 5 May 2011, Ralink was acquired by MediaTek.

<span class="mw-page-title-main">Wireless security</span> Aspect of wireless networks

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

Qualcomm Atheros is a developer of semiconductor chips for network communications, particularly wireless chipsets. The company was founded under the name T-Span Systems in 1998 by experts in signal processing and VLSI design from Stanford University, the University of California, Berkeley, and private industry. The company was renamed Atheros Communications in 2000 and it completed an initial public offering in February 2004, trading on the NASDAQ under the symbol ATHR.

Misuse of a Network Time Protocol (NTP) server ranges from flooding it with traffic or violating the server's access policy or the NTP rules of engagement. One incident was branded NTP vandalism in an open letter from Poul-Henning Kamp to the router manufacturer D-Link in 2006. This term has later been extended by others to retroactively include other incidents. There is, however, no evidence that any of these problems are deliberate vandalism. They are more usually caused by shortsighted or poorly chosen default configurations.

A residential gateway is a small consumer-grade gateway which bridges network access between connected local area network (LAN) hosts to a wide area network (WAN) via a modem, or directly connects to a WAN, while routing. The WAN is a larger computer network, generally operated by an Internet service provider.

Long-range Wi-Fi is used for low-cost, unregulated point-to-point computer network connections, as an alternative to other fixed wireless, cellular networks or satellite Internet access.

<span class="mw-page-title-main">AirPort Time Capsule</span> Wireless router by Apple

The AirPort Time Capsule is a wireless router which was sold by Apple Inc., featuring network-attached storage (NAS) and a residential gateway router, and is one of Apple's AirPort products. It is essentially a version of the AirPort Extreme with an internal hard drive. Apple describes it as a "Backup Appliance", designed to work in tandem with the Time Machine backup software utility introduced in Mac OS X 10.5.

Linksys manufactures a series of network routers. Many models are shipped with Linux-based firmware and can run third-party firmware. The first model to support third-party firmware was the very popular Linksys WRT54G series.

OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.

<span class="mw-page-title-main">Ubiquiti</span> American technology company

Ubiquiti Inc. is an American technology company founded in San Jose, California, in 2003. Now based in New York City, Ubiquiti manufactures and sells wireless data communication and wired products for enterprises and homes under multiple brand names. On October 13, 2011, Ubiquiti had its initial public offering (IPO) at 7.04 million shares, at $15 per share, raising $30.5 million.

Kr00k is a security vulnerability that allows some WPA2 encrypted WiFi traffic to be decrypted. The vulnerability was originally discovered by security company ESET in 2019 and assigned CVE-2019-15126 on August 17th, 2019. ESET estimates that this vulnerability affects over a billion devices.

References

Notes

  1. Compiled from In-Stat Q1 2007 Wireless LAN Equipment Market Share Report
  2. In-Stat Q4/07 WLAN Market Share Report

Citations

  1. "History of D-Link". D‑Link (Europe). n.d. Archived from the original on 13 May 2022. Retrieved 6 August 2022. 1986 - Datex Systems, Inc. is founded to market network adapters.
  2. Maxwell, Kimberly (29 May 1990). "LANsmart Operating System". PC Magazine . Vol. 9, no. 10. Ziff Davis. pp. 167–168. ISSN   0888-8507. OCLC   642393284 . Retrieved 6 August 2022 via Google Books.
  3. Ante, Spencer E.; Ewing, Jack; Greene, Jay; Burrows, Peter; Hof, Robert D. (2 July 2007). "The Info Tech 100" . BusinessWeek . ISSN   0007-7135. Archived from the original on 18 July 2022.
  4. Higgins, Tim (9 July 2007). "D-Link DIR-655 Xtreme N Gigabit Router Review:Draft 2.0 arrives". SmallNetBuilders. Archived from the original on 20 July 2022. Retrieved 6 August 2022. But with the Wi-Fi Certification process underway, I'm reluctantly going to begin review of Draft 11n products. And since the DIR-655 was the first draft 11n product to post Draft 2.0 firmware and driver updates, and one of the first out of the Wi-Fi Certification gate, what better place to start?
  5. Higgins, Tim (10 February 2009). "D-Link DIR-655 A4 Quick Review". SmallNetBuilders. Archived from the original on 17 May 2022. Retrieved 6 August 2022.
  6. Higgins, Tim (28 May 2013). "D-Link DIR-868L Wireless AC1750 Dual Band Gigabit Cloud Router Reviewed". SmallNetBuilders. Archived from the original on 21 July 2022. Retrieved 6 August 2022.
  7. Best Wired and Wireless LAN Access Infrastructure of 2019 as reviewed by customers. . Gartner Peer Insights Customers’ Choice - Apr 2019
  8. Over 92,000 exposed D-Link NAS devices have a backdoor account
  9. "D-Link issues fixes for firmware backdoor in routers".
  10. Yegulalp, Serdar (14 October 2013). "D-Link's backdoor: What else is in there?". InfoWorld . ISSN   0199-6649 . Retrieved 1 April 2016.
  11. Krebs, Brian (2 December 2013). "Important Security Update for D-Link Routers". Krebs on Security. Retrieved 17 September 2020.
  12. https://securityonline.info/d-link-routers-exposed-critical-backdoor-vulnerability-discovered-cve-2024-6045/ [ bare URL ]
  13. "Which Routers Are Vulnerable to the D-Link HNAP Exploit?". Source Sec Tech Engine. 18 January 2010. Archived from the original on 26 December 2013.
  14. "D-Link Issues Fixes for Router Vulnerabilities". PCWorld . 15 January 2010. ISSN   0737-8939 . Retrieved 17 September 2020.
  15. Constantin, Lucian. "DNS hijacking flaw affects D-Link DSL router, possibly other devices". Computerworld . ISSN   0010-4841 . Retrieved 1 April 2016.
  16. Jackson, Mark (31 January 2015). "UPDATE D-Link Broadband Routers Vulnerable to DNS Hijack Attack". ISPreview UK. Retrieved 17 September 2020.
  17. "In blunder threatening Windows users, D-Link publishes code-signing key". Ars Technica. 18 September 2015. Retrieved 1 April 2016.
  18. "D-Link Accidentally Leaks Private Code-Signing Keys". threatpost.com. 18 September 2015. Retrieved 17 September 2020.
  19. "Hacking the D-Link DIR-890L".
  20. Craig (15 April 2014). "What the Ridiculous F***, D-Link?!". /dev/ttyS0 | Embedded Device Hacking. Archived from the original on 20 April 2015. Retrieved 6 August 2022. However, they've added another sprintf to the code before the call to access; their patch to prevent an unauthenticated sprintf stack overflow includes a new unauthenticated sprintf stack overflow.
  21. "FTC sues D-Link over router and camera security flaws | Consumer Information". Archived from the original on 7 January 2017. Retrieved 7 January 2017.
  22. "Cause of Action Institute Files Motion to Dismiss FTC's Baseless Data Security Charges Against D-Link Systems Inc. - Cause of Action Institute". Cause of Action Institute. 31 January 2017. Retrieved 12 February 2017.
  23. "proposed settlement, D-Link is required" (PDF).
  24. "D-Link Agrees to Make Security Enhancements to Settle FTC Litigation". 2 July 2019.
  25. Krewitt, Sven (18 January 2021). "RBS-2021-002-D-Link DAP-2020". Risk Based Security. Archived from the original on 7 March 2021. Retrieved 2 September 2020.
  26. "D-Link Technical Support". supportannouncement.us.dlink.com. Retrieved 2 September 2021.
  27. "DNS-320L / DNS-325 / DNS-327 / DNS-340L and All D-Link NAS Storage :: All Models and All Revison :: End of Service Life :: CVE-2024-3273 : Vulnerabilities Reported by VulDB/Netsecfish". D-Link. 8 April 2024. Retrieved 8 April 2024.
  28. Leyden, John (13 April 2006). "D-Link accused of 'killing' time servers | Time to stop freeloading". The Register . Archived from the original on 22 September 2020. Retrieved 9 August 2022. D-Link, for its part, is hiding behind its lawyers. Instead of acknowledging it might have made an error, and operators say D-Link's attorneys have accused them of "extortion" or else demanded that disgruntled punters submit to Californian law.
  29. Ward, Mark (13 April 2006). "Net clocks suffering data deluge". BBC News . Archived from the original on 27 April 2022. Retrieved 9 August 2022. This has revealed that D-Link hardware is also causing problems for 50 other net time servers. The list includes some run by the US military, Nasa, US research organisations and government groups around the world.
  30. Leyden, John (11 May 2006). "D-Link settles dispute with 'time geek' | Time to kiss and make up". The Register . Archived from the original on 7 April 2022. Retrieved 9 August 2022. Networking manufacturer D-Link has settled a dispute with a Danish administrator Poul-Henning Kamp over the way its kit queries internet time servers.
  31. GPL-Violations.org project prevails in court case on GPL violation by D-Link Archived 7 October 2014 at the Wayback Machine
  32. Docket Number 2-6 0 224/06 DISTRICT COURT OF FRANKFURT AM MAIN Archived 6 December 2006 at the Wayback Machine
  33. "German court raps D-Link over GPL violation". iTnews. Retrieved 17 September 2020.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.