SoylentNews is people
SoylentNews
A hacked/compromised router is the worst thing that can happen to computer users.
Any computing device (smartphone, tablet, laptop, desktop, refrigerator) sitting behind a compromised router can be attacked in every known way.
Needless to say, a router can be used for spying, not just on normally insecure communications but its also a perfect host for man-in-the-middle attacks on supposedly secure communication (SSL/TLS/HTTPS).
Compromised routers can send victims to scam versions of websites, a great way to collect passwords. In August, Jeff Atwood wrote about two people whose routers were hacked. One router modified web pages to show extra ads, another tricked a victim into installing a hacked version of the Chrome browser. And, of course, a router can be used to install malware on computers too. Did your last Flash update really come from Adobe? How would you know?
(Score: 0) by Anonymous Coward on Thursday November 12 2015, @08:02PM
Most of those failures can be worked around the way forgetting your password is currently handled: with physical access you can hard-reset the router to regain access to it at the cost of losing all of the settings.
HTTPS support is fairly common at least in alternative firmwares. As you point out, the certificate can't be signed by a CA, but you can trust the single self-signed certificate it has (originally verified by plugging into the router directly) or setup your own internal "CA" to sign it. There's also usually an option to make the management website only accessible over wired connections, which provides a similar level of security at the cost of convenience.