Re: "alert the victim that something had happened"
The article is slightly wrong, the backdoor allows several options of which factory resetting is one of them.
they're listed in the presentation and source code for the proof of concept but ...for the non-technical or those who struggled to read it:
#1. Output all of the settings, all of the usernames, all of the passwords for the device.
#2. Read just one specified setting/username/password.
#3. Set one specified setting/username/password just while it's running ("apply").
#4. Save all the settings that are currently set so they persist a reboot.
#5. Join the network as if you are not connected to the Internet but another router.
#6. Output how fast we currently think our Internet or network connection is.
#7. Allow me to run any Linux (busybox) command I want on this device.
#8. Store a file on the device.
#9. Write what version of the software we are running.
#10. Write out our IP address.
#11. Factory reset. Lose all settings.
#12. Read the memory contents of the device.
#13. Save the memory contents to disk.
The researcher tried all the options and accidentally hit on #11.
I wished this had been responsibly disclosed to the manufacturers before it was given to Github, Hacker News and Reddit but now it's out there I hope it helps people who have the same devices know that an update to their device is proably coming that they will need to apply.