Reply to post: Re: FUD

What most people think it looks like when you change router's admin password, apparently

Peter X


It probably wouldn't be very difficult to craft some Javascript to poll the usual router IPs, brute force the IP, open the admin interface on the WAN side, and log it somewhere for a hacker to access.

If they then uploaded modified firmware then you'd never be able to fix it either. It could then route (say) common bank domains through a remote proxy to capture password.*

* This bit would be beyond me personally, but I suspect a fake site with a LetsEncrypt cert, would be sufficient to fool the aforementioned 82%. The firmware upload might be hard on recent ISP routers also but maybe just changing the nameservers would be enough to redirect certain traffic.

My point is, I don't think this should be written off a FUD.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019