[zeugma]

I don't see how that can be true in today's environment. They have to be able to update... Tho maybe some sort of encrypted front door will be employed...

Or cryptographically signed updates that have to be validated by the router before it will install

[roamer_1]

Or cryptographically signed updates that have to be validated by the router before it will install

Yeah, right - now we're back to 'if it is flash-able, it can be modded'... The eprom has to be readable, and that can be back-engineered to find out the signal the eprom expects from the file... and etc...

And, since the ROM one every router I know of is *nix, and open source at some level, whatever they might add is likely undermined - Linux can get to Linux...

So now you are talking hard shielded e-PROM, shielded ROM, and an unique or different OS to reasonably keep my mitts off of it... Generally speaking, even that will not stop the determined... Surely you know that security is immediately impossible if one is given 'hands-on' and time... There ain't a box out there I can't hack if I have it on my bench... All that's left is to make it such a PIA that it isn't worth it...