
Your comment that I responded to was referring to smartphones (i.e., multiple references to "apps" and "mobile") and now you're bringing up "routers"?

Did you mean to do this? Because if not, it's what's called a bailey-and-motte fallacy. You've stated a very controversial, hard-to-defend position (what difference does compromised hardware make to a user's security?), mentioned it in a context where it would make a huge difference (smartphones), and now you've brought up a very specific scenario and context that is more reasonable (although still not as much as you appear to think).

Again, your original question was "What unusual attack do they get access to by owning or manufacturing the equipment?". Your original post made no reference to routers or switches.

To answer that original question explicitly, having many types of hardware exploits on end-user equipment is game over - full access to all your data and communications on that device.

Edit: And regarding compromised routers, from https://www.welivesecurity.com/2019/01/17/new-years-resoluti..., here's a list of things that a hacked router could do to you, many of which would be of interest to a nation-state attacker targeting a person or organization:

- redirect you to a web page that phishes for your credentials,

- dupe you into installing malware-laced versions of legit software,

- be hijacked to conduct man-in-the-middle attacks (MitM) on what you would believe are secure and encrypted connections,

- be corralled into a botnet in order to launch DDoS attacks against websites or even against aspects of the internet’s infrastructure,

- be co-opted as an on-ramp to attacks at other devices within your network,

- be used to spy on you via Internet-of-Things (IoT) devices,

- be compromised with malware such as VPNFilter, or, as another threat du jour, be misused for covert cryptocurrency mining.

Edit 2: And unless a website is only available via HTTPS, the end user is using an extension like HTTPS Everywhere, or the user carefully types in `https` as the URL protocol, then the end user is still vulnerable to SSL strip from a compromised router.



Sorry, we mixed up which hardware, in which questions. My question immediately above had to do with routers, etc. that the administration has also put attention onto.


OK, we crossed wires, no problem. However, for the reasons I mentioned above, compromised routers are still a very bad thing. At the very least, it's a beachhead from which to launch further attacks inside a data center or business. At the worst, they can use SSL strip to strip encryption off of any website/end-user who hasn't locked down HTTPS only. Plus, there are still many protocols in common use that are not encrypted by default.

Edit: Would you agree to let me (or anyone) hook up a compromised router inside your home network?
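The "locked down HTTPS only" condition in the comment above can be checked from a site's responses. The following is an added example, not part of the thread: it classifies a site by its plain-HTTP answer and its HSTS header (`Strict-Transport-Security`, RFC 6797), which the thread does not name but which is the usual server-side way to enforce HTTPS-only. Function names, result labels and the sample responses are constructed, and the one-year preload threshold is an assumption taken from browser preload-list rules.

```python
# Added example: function names, result labels and sample responses are constructed.
PRELOAD_MIN_AGE = 31536000  # one year; threshold assumed from browser preload-list rules

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797 directive syntax)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def strip_exposure(http_status, http_location, https_headers):
    """Classify exposure to HTTPS stripping by an on-path device such as a router.

    http_status, http_location: the site's answer on plain http://
    https_headers: headers from https:// (browsers ignore HSTS sent over http)
    """
    location = (http_location or "").lower()
    if http_status not in (301, 302, 307, 308) or not location.startswith("https://"):
        return "plain-http"          # content itself is served unencrypted
    headers = {k.lower(): v for k, v in https_headers.items()}
    policy = parse_hsts(headers.get("strict-transport-security", ""))
    if not policy["max_age"]:        # header missing, malformed, or max-age=0
        return "redirect-only"       # every http:// visit can be intercepted
    if (policy["max_age"] >= PRELOAD_MIN_AGE and policy["include_subdomains"]
            and policy["preload"]):
        return "hsts-preload-ready"  # covers first visit once the domain is on the list
    return "hsts"                    # protected after first visit, until max-age expires

SAMPLES = {  # constructed responses for reserved .test names
    "legacy.test": (200, None, {}),
    "shop.test": (301, "https://shop.test/", {}),
    "mail.test": (301, "https://mail.test/", {"Strict-Transport-Security": "max-age=86400"}),
    "bank.test": (308, "https://bank.test/", {
        "strict-transport-security": "max-age=63072000; includeSubDomains; preload"}),
}

if __name__ == "__main__":
    for host, args in SAMPLES.items():
        print(f"{host:12} {strip_exposure(*args)}")
```

A "redirect-only" result is the case the comment describes: the redirect itself travels over plain HTTP, so a device on the path can answer in its place.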


The bigger question is "how do you know your router isn't compromised already?"

Chances are, the US government is pushing for China-free networks to ensure it has a monopoly on hacking American systems.

If we as a whole drop the assumption that the network is safe, we can build things where I would trust you to hook up a compromised router to my home network.


Open source firmware? https://openwrt.org/



