Securing a WLAN accesspoint is clearly nontrivial.
So a California court had the sense not to ask people to secure their Wifi.
Well, that makes sense in multiple ways. But one aspect that was not mentioned is that known WPS attacks make it hard on a consumer.
What's WPS? Well, WPS is what makes setting up a secure WLAN a possibility for the average user. WPS has basically three ways to facilitate WLAN setups with enabled encryption:
- Pressing the button on you Router allows your phone to join in short time window.
- Then there is variant where you tell the router a pin that device has generated.
- And last and here most relevant is the variant, where you read a pin (usually on a sticker) and enter it on the client.
Counter measures are:
- Change the router not to leak if the first part of the password is good.
- Change how long a WPS pin attempt takes.
- Change how many WPS pin attempts are allowed before locking up.
- Disable WPS pin method.