[Dragon863]

I agree that physical access is a major limitation, yet it is something that could easily be resolved with an OTA firmware upgrade or by simply informing users how their password is stored. I personally think that physical access should still be considered when designing products like these, even if it is a more remote possibility.

[mavili]

You seem to be missing the point my friend. The point of the security here is if someone has access to the device, are they able to extract information with which they can then connect to the wifi? The answer is yes REGARDLESS of whether it's hashed or not. When that is the case, not hashing is not a flaw. All hashing does in this case is 'obscure' it, which isn't the same as 'more secure'.

I suppose access to plaintext vs hashed password in this case saves the owner embarassment if they've used a secret, or if they've used the same password elsewhere, though that isn't a problem of device manufacturer.