"Hope", yes. But if there are products with unencrypted no-auth telnet, I'm not sure we can assume everyone is following industry-standard best practices :)
Glucose meters and pumps similar to this one have already been found on Shodan :-/ The majority aren't directly on the Internet but it happens. There has actually been an increase in the number of hospitals that are showing up online.
>Won't do you much good if an attacker makes an open Wifi point with the same SSID as the hospital's network.
For that to work the hospital's SSID would have to be open as well. And if that were the case, faking the SSID would be a complete waste of time because you could just connect to it yourself.
You vastly overestimate the difficulty of spoofing a password-protected wifi network.
Even without that, acquiring access credentials is hardly rocket science. (eg. grab one of these pumps or any other wifi device lying around and read the password over the ethernet/serial port)
I don't think you understand how wpa works. It's not like the client just sends a password. A shared key is mutual authentication. If putting up a network with a target ssid leaked data, WiFi would be completely broken.
wifi security is a pretty soft layer of additional security and definitely should be considered cheaply penetrable for purpouses of defense.
But like I said you can just harvest the PSK off a device without cracking anything. An unprotected shared secret on all nodes is not very secret at all.
A link to some precomputed tables doesn't mean anything. Wpa2 AES CCMP with a long shared secret is effectively unbreakable. I have not seen any research on academia or industry that comes close.
Care to share some? If not, please stop spreading misinformation.
> For that to work the hospital's SSID would have to be open as well.
It's not something I've messed with, but I can't imagine it'd be that hard to make an access point that is "closed" but accepts any password given to it.
