When I’ve been hired to do red teams we always use giant antennas and find a nice parking lot a few blocks away to capture the necessary handshakes. This works great even in downtown SF where the RF interference is absurd.
Yea, this ^. This attack approach is interesting but any company that's serious about security needs to realize that anything opened up on Wi-Fi is a big hole - this used to be more amusingly exploited by war-driving, just driving around a neighborhood looking for someone with an open network that spills out into the street so you could download the latest episode of Friends.
I don't work in this sort of security and it seems terrifying; the social engineering side is especially crazy.
I used to do this as a kid in rural Texas, when we could only afford dial-up at the house and my parents didn't let me on the network very often. Good times! I'm terrified of the prospect now, but back then I really appreciated all my neighbors who ran unsecured wireless networks named "linksys".