[jiggy2011]

All of the WPA2 attacks I've seen assume predictable SSIDs and Passwords.

Again , ISPs seem to be ahead of this. Looking in my local area most of the APs have names like "BThub543897534895" and I assume that the passwords are randomly generated.

[tsahyt]

aircrack-ng assumes pre-shared keys. Cracking long passwords is quite time-consuming (read: takes a VERY long time). They actually explicitly state that in their wiki. I'm not exactly sure but I think I read something about using GPUs to accelerate bruce-force times with a speedup of 100x. That's quite substantial, however even with that brute-forcing is not an option here, which gets us back to the fact that an attacker will hope for a weak password, possibly in a dictionary.

You're right about ISPs being on the safe side with their SSIDs and passwords, but I think you're underestimating the users here. For the sake of it I've spent an hour and a half driving around town a year ago, logging locations of access points. I never did anything with the data except for looking at how access points are distributed across my town. Most of the AP names where common words or a combination of such. Concerning passwords, I've used wifi at friends and coworkers places quite a few times and most of them had weak passwords.

An attacker might just go and do some wardriving and randomly attack access points and I believe he'll find one weak enough without much of a hassle.

Bottom line it's the same as always: In the real world security isn't as depended on technology as it is on how much the user is concerned with it. How that works out in a lawsuit is a different question though.