AlphaBravo88
Mar 14, 2016 Initiate
Status:
Engineering Investigation
Modems/Routers : Add HTTPS when connecting to the NETGEAR Genie page
Hi NETGEAR, I have recently configured a few different NETGEAR ADSL Modems/Routers, to be specific the D6400 and DGND3700v2, but both of these don't appear to support a HTTPS connection to the NE...
SecDoc2017
Oct 24, 2017 Novice
So it's truly unbelievable that the management interface for all routers does not default to https! Also, why do I need the SSID and password scrolling across my screen? The developers of these interfaces need a healthy dose of security training.
To be clear, SSL should now be referred to as TLS. All versions of SSL (1.0, 2.0 & 3.0) are vulnerable to attack. TLS 1.0 should also be deprecated. TLS 1.1, 1.2 and soon 1.3 should be the supported standard.
TLS encrypts the traffic between the client end point and the web interface of the router. The main reason this is important is to prevent unauthorized users on the wired side from sniffing network traffic and gathering login credentials for the router. Without TLS, this data is sent unencrypted and can easily be gathered from Wireshark captures.
Wireless data transfer is a different story. All routers should be using WPA2 and nothing else. Yes, there are attacks against it, but it is highly unlikely that you will fall victim to that in your home. If you were to get compromised, having your router use TLS means that traffic would be encrypted in transit via TLS and not visible anyway!
Wireless traffic sent using WPA2 encryption is unreadable in transit unless you are able to break the key pair. This is not trivial.
In addition to https on the router admin interface, we should be screaming for router vendors and device manufacturers to fully support 802.11w - Secured Management Frames. By fully supporting this standard and turning on those features, one would significantly reduce the likelihood that someone could force a client to deauth and connect to a rogue access point broadcasting a known SSID.
In any case, if Netgear can't get the simple stuff right, how much can you trust that they got the rest right? They should take a lesson from DD-WRT!
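Added example, not part of the thread and not NETGEAR code: a Python check of which TLS versions a router's admin interface accepts, scored against the policy stated in the comment above (TLS 1.0 deprecated, TLS 1.1 and later acceptable). The address `192.168.1.1`, port 443 and the function names `probe`, `assess` and `audit` are assumptions for illustration.

```python
import socket
import ssl
import warnings

# Policy from the comment above: TLS 1.0 should be deprecated; TLS 1.1+ is acceptable.
VERSIONS = [
    ("TLSv1.0", ssl.TLSVersion.TLSv1, False),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1, True),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2, True),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3, True),
]

def probe(host, port, version, timeout=3.0):
    """Return True if the server completes a handshake pinned to exactly one TLS version."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # router certificates are usually self-signed;
        ctx.verify_mode = ssl.CERT_NONE  # this tests protocol support, not trust
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let OpenSSL offer TLS 1.0/1.1 at all
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):
        return False

def assess(supported):
    """Map {version name: accepted?} to findings under the policy above."""
    if not any(supported.values()):
        return ["no TLS handshake succeeded: admin interface is not offering HTTPS here"]
    findings = [f"{name} accepted: should be disabled"
                for name, _, allowed in VERSIONS
                if supported.get(name) and not allowed]
    if not any(supported.get(name) for name, _, allowed in VERSIONS if allowed):
        findings.append("no acceptable TLS version (1.1 or later) offered")
    return findings

def audit(host, port=443):
    """Probe every version and return (support map, findings)."""
    supported = {name: probe(host, port, v) for name, v, _ in VERSIONS}
    return supported, assess(supported)

if __name__ == "__main__":
    # 192.168.1.1 is an assumed router address; replace with your own device.
    supported, findings = audit("192.168.1.1")
    print(supported)
    print("\n".join(findings) or "OK under the stated policy")
```

A `False` for a version means the handshake did not complete from this client, which can also happen when the local OpenSSL build refuses that version.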