I went on another WiFi "auditing" (actual auditing without permission is immoral and illegal. I'm just checking how the networks are setup by looking at the publicly broadcast information) route tonight, and something hit me. The WiFi security in this town is abysmal. I expect to find issues with routers that were setup by the home or business owner, they knew they were taking that risk when they took on the task themselves. My problem is with the routers that were provided and setup by local ISP's, and especially WiFi routers someone obviously paid to have setup by a "professional" who clearly has no business taking someone's security in their own hands when they haven't been properly trained.
Your digital security isn't something that can be taken lightly in 2021. Every person's home WiFi network is a potential doorway into virtually every aspect of their life, and if not secured properly, you're literally broadcasting your personal and financial information out to the world.
Some blame does belong on the shoulders of the router manufacturers for giving people the false comfort in the idea they can simply plug their router in, choose a password, and they're good to go, but the people being paid to set them up should know about these security issues and how to deal with them. If someone is paying you to do a job and you're not qualified to do it, you're putting people at legitimate risk of having their identity stolen or being held responsible for any illegal activity their internet connection is used for.
Two in particular
There's 2 local ISP's in particular that are apparently installing legitimately dangerous WiFi routers into peoples homes and small businesses (at least they use better systems for their larger business customers). Every single router I've run into from either of them is susceptible to a Pixie WPS attack. That's an attack that can compromise your WiFi password in about 10 seconds, regardless of how strong it is. I've sent my findings to both of them, and I'll give them a chance to fix the issue, but I'm not holding my breath.
This is dangerous
If you're reading this and aren't mad yet, I guess I haven't done a good job explaining why having weak WiFi security is such a big deal. The thing I want to make clear isn't how many hacks exist, I think most people know that. It's how insanely easy they are to execute. If comprising a WiFi network and stealing someone's data required a highly capable hacker, then I'd agree with some of you. The chances someone like that would and could target you is pretty low. In reality, all some bad actor has to do is watch a YouTube walkthrough with step by step instructions and have access to any old laptop or certain smartphones and they'll be capable of accessing virtually any improperly setup network. Even if they're not after your data, they might just want to use your internet connection to do something illegal online. When your IP address shows up on some FBI watchlist for illegal activity and they go to your ISP with a warrant, those actions fall on your head. I'm not saying you'll definitely be convicted, but you will be hiring lawyers and fighting charges for the next couple years of your life. Just wait until you're presented with a $20,000 fine for illegally downloading copyrighted movies and you have to convince them someone accessed your supposedly encrypted network.
This might be seen as fear mongering, but it's really not. It's reality, and it needs to be taken seriously.