Not downplaying the risks, but could a vulnerability on a D-Link router really let you monitor traffic on the device in a practical sense (as mentioned in the video)? Assuming it is non-SSL, is there enough computing power to even do any meaningful monitoring and subsequent exfiltration? Or are the SoCs used on them powerful enough these days?
It’s powerful enough to MITM traffic if you get someone to install a certificate, and it can easily pass packets wherever the attacker wants.
True, I was thinking of packet analysis being intensive, but simpler MITM/splitting it outbound makes sense.
Ransomware and bricking would probably be the primary risk though. And security cams, NAS, printers, etc.
The major worry for these devices for me is someone using my network connection for nefarious uses. I suspect many of the “get a residential IP for your crawler” services actually use hacked IoT devices.
This is also true of every intermediate router between you and the destination.
TLS would not need to exist otherwise.
Most intermediate routers don't have easily exploitable holes allowing attackers to take them over to MITM traffic though...
I thought most internet routers in the US at least were pwned by the NSA. :D
Reminds me of a Dan Geer talk he gave at NSA in 2014: http://geer.tinho.net/geer.nsa.26iii14.txt
The basic gist is that in the event of a cyberwar you could brick millions of people's routers, and their only natural solution would be to go to Best Buy to get a new one... which almost certainly is running a 4-5-year-old Linux/firmware version that is equally vulnerable. Of course this requires some remote access or lateral entry from other systems on the network, but it's an interesting thought experiment regardless.
> The basic gist is that in the event of a cyberwar you could brick millions of people's routers [...] but it's an interesting thought experiment regardless.
I think this is already way past "thought experiment". On the day of the 2022 invasion of Ukraine by Russia, thousands of satellite modems were deliberately bricked.
and https://en.wikipedia.org/wiki/VPNFilter
The lack of major cyber wins in the invasion of Ukraine is still very surprising though. Maybe holding their cards for something big (something they didn't expect to win in "3 days"), or US really helped prepare Ukraine, or it's harder than it sounds :)