That’s a bold admission. I guess they aren’t worried about people questioning either how the know or how they are able to remotely control our routers.
Another bit of evidence of the dystopia.
If anyone is questioning it then they will find that the answers are pretty boring:
Consumer device manufacturers do not give a shit about security.
For the longest time these devices would ship with default passwords (and many likely still do) and allow remote administration from any IP address.
You could, ‘hack’ into a network by simply looking up the manufacturer of the device that you were connecting to and using their default username and password (which was often admin/admin). Then, for your convenience, you could write a firmware update to the router directly from the web interface.
In addition, they rarely perform any kind of automatic updating, so once a vulnerability is discovered there is no way for them to deploy a patch across all of their devices without every individual owner logging into the router console and pressing a button, which is not going to happen at scale.
There’s no nefarious conspiracy inserting backdoors into these products, just boring corporate greed resulting in valuing convenience over security.
I had a friend who would do that as a prank. He’d drive around with a laptop and change people’s wifi password then listen for them to start bitching about the wifi not working. It was a simpler time.
If anyone is questioning it then they will find that the answers are pretty boring:
Consumer device manufacturers do not give a shit about security.
For the longest time these devices would ship with default passwords (and many likely still do) and allow remote administration from any IP address.
You could, ‘hack’ into a network by simply looking up the manufacturer of the device that you were connecting to and using their default username and password (which was often admin/admin). Then, for your convenience, you could write a firmware update to the router directly from the web interface.
In addition, they rarely perform any kind of automatic updating, so once a vulnerability is discovered there is no way for them to deploy a patch across all of their devices without every individual owner logging into the router console and pressing a button, which is not going to happen at scale.
There’s no nefarious conspiracy inserting backdoors into these products, just boring corporate greed resulting in valuing convenience over security.
I had a friend who would do that as a prank. He’d drive around with a laptop and change people’s wifi password then listen for them to start bitching about the wifi not working. It was a simpler time.
WPA2 has a deauth attack that will do similar. (Note: This is crimes, don’t do crimes)