Things that ppl never seem to ask or answer: MITM & HTTP router access...

JARVIS

Many brand routers never use security certificates or httpS when users try to connect to their firmware (192.168.1.1)

Is there EVER a possibility of an MITM in such circumstances?

To me, this always seems to be the biggest security flaw in router if an MITM is possible.

Pixel

There are only two “Official” ways of accessing firmware either from within the LAN which should be protected by a firewall therefore only accessible by an authorised user/administrator. The other by automation services where the hardware manufacturer (or Broadband provider) opens a port through the firewall to automatically update firmware so in principle certification would not be required.
Hackers exploit vulnerabilities in some cases to access Routers/LANS but security certificates would be ineffective in these cases as the Hackers would have “worked around” any security certification.

ZeldaLovesLink

WiFi is hard to secure.

How about we turn off the broadcast and wire everything?

cat cable to iPhone please?

JARVIS

So you're saying... having your wifi router broadcasted with id and mac address... it's unheard of that someone parked in the neighborhood can zero in on your wifi router activity, and then "grab" whatever transmission between your computer and wifi router? .... particularly, if your browser connection to your router firmware is not httpS

JARVIS

Ok, I think I might been using the wrong words.

What I meant was is it possible for WIFI SNIFFING when you're accessing your router "over the air" without HTTPS.