

Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers [pdf] - gpvos
https://www.usenix.org/system/files/conference/woot15/woot15-paper-lorente.pdf

======
creshal
> We are surprised to notice little improvement in the default password
> protection of Dutch routers. In 2008, the practically exploitable security
> issue in SpeedTouch routers generated some serious media attention in The
> Netherlands. We had expected that successor and improved routers would be
> much more secure. However, our study reveals that various modern and
> massively deployed routers still use weak methods to generate default
> passwords. Users that did not explicitly changed their wireless password are
> vulnerable to practical password recovery attacks which enables an adversary
> to remotely intrude their network within minutes.

I guess as long as companies aren't held legally accountable for putting users
at risk, they're not going to change anything.

