I’ve always wondered how commonly black hats clone and exploit mass-deployed public SSIDs like the “xfinitywifi” network you see in all major US cities with Xfinity.
Presumably you could get a lot of random devices to automatically connect and then hijack DNS to cause trouble.
At least 50% of such APs I ran across didn’t work right. I chalk it up to broken implementation on the ISP side, but a decent number may be issues like this.
It's not that easy, unfortunately: Many networks span more than one access point, either simultaneously or across time (mediocre CPEs are notoriously being swapped out all the time by cable providers, in my experience).
Initially loading and then synchronizing certificates across APs would be anything but trivial.
I've surprised my friends a few times by keeping my SSID + password constant over the years and across several moves within the city (and across ISPs) and even internationally – whenever they come to my place, they have Wi-Fi the second they step through the door :)
It's also nice not having to re-configure various embedded devices, many without a sane user interface to type a passphrase or even accept a new TOFU public key, every time I set up a new router at my family's place.
(That's how it should work, not how it does in practice)