Well, the article is actually entitled "Reddit Router Scam", but the "Reddit" part is just for clicks.https://medium.com/h...ter-scam-9aaf42f349e
A couple of days ago one Reddit user had the misfortune to return home and discover something rather interesting hooked up to their router, placed there by their roommate. A cross between a multi-level marking scam and hardware malware, the malicious board had been put into a position that allowed it to harvest every bit of available data from their local network.
“Roommate has come home and stated they found the person on Facebook and installed the device a few days ago. They were told they’d receive $15 a month through direct deposit and all the device will do is run ads for other people when they visit roommates Facebook page…
…well it has been a long night but I’ve finally got all my passwords reset and bank cards cancelled. I have no way of knowing what data was taken as it is not stored on the device. Only thing left to do is grill my roommate for information regarding the person/company that gave them this and decide if I have enough to go to the police.”
Looking at the picture of the board itself, it appears to be an off-the-shelf Friendly ARM NanoPi NEO single-board computer. Built around an Allwinner H3 processor, a quad-core ARM Cortex-A7 running at 1.2GHz with 256MB of RAM, the board has a 10/100Mbps Ethernet jack, and a micro SD card slot. That’s a specification that provides more than enough horse power to snoop in on any traffic going across the local network.
More at link... but it goes downhill from there. As someone else said in the comments, I'd be room mate shopping at that point.
Someone else also said that if you could sign up and get the free NanoPis without connecting them or giving them real account information... They'd already have too much information at that point IMO.