When you are directed to manage an IoT device or router using a browser, your password and all communications are typically passed over an unencrypted connection.
Whitepaper Published by IoT Security Foundation
This Whitepaper seeks to raise awareness of a fundamental design flaw that has received little attention to date and yet affects many IoT devices and standard Internet routers.
Typically, when a user wants to provision or manage an IoT device or router using a browser, their user name, password and all communications are passed over an unencrypted connection. This is a very serious problem; it is pervasive, affecting most domestic installations, and it represents a huge security exposure, leaking both passwords and activity to anyone who is listening.
This problem cannot be mitigated by implementing cybersecurity best practice, because it stems from a fundamental design flaw.
About the Whitepaper
The whitepaper goes into greater detail about the problem and the design flaw, and explores potential solutions.