At this point we're just reading the data inside a device we own. It's all pefectly legal (UK). In the next stage of the process we're gonna start seeing private information regarding not just this device but also operational services from the ISP.
- The router I'm reversing is not from my ISP. I got it from Amazon so there would be no binding contract associating me to the company;
- It has never been connected to external networks
- You should never hit an external network with any kind of private info obtained from reversing a device
- These posts are not about TalkTalk or Huawei particularly. They are about exposing generalised bad practices in embedded development; users should know exactly which devices they can trust with their privacy and security and which ones they shouldn't. Developers should also be aware of which techniques are being used to attack their services so they know how to protect against them
- These kind of security issues have been exposed countless times in the past, and documented over and over again. Apparently no amount of exposure is enough; many companies are not willing to pay the money and effort it takes to do things right. Here's to hoping some day it will be