by mavili 1178 days ago
After hearing you're 14 I don't want to turn this into an argument really, but please note that just because something "sounds" embarrassing, it may not actually be. Like others have pointed out, physical access to the device means many other measures that can be taken to protect security are not valid anymore. If there is no real need or security benefit for that password to be stored in anything other than plaintext then Amazon doesn't need to go out of their way to save any "embarrassment".

I agree that physical access is a major limitation, yet it is something that could easily be resolved with an OTA firmware upgrade or by simply informing users how their password is stored. I personally think that physical access should still be considered when designing products like these, even if it is a more remote possibility.
You seem to be missing the point, my friend. The point of the security here is if someone has access to the device, are they able to extract information with which they can then connect to the wifi? The answer is yes REGARDLESS of whether it's hashed or not. When that is the case, not hashing is not a flaw. All hashing does in this case is 'obscure' it, which isn't the same as 'more secure'.

I suppose access to plaintext vs hashed password in this case saves the owner embarrassment if they've used a secret, or if they've used the same password elsewhere, though that isn't a problem of the device manufacturer.