I'm sure that more creative versions exist, but a very common way is the WiFi deauth attack.
The advantage is that it works on the protocol level, so you don't have to nuke the entire spectrum for the entire neighbourhood (which would attract attention)
How would this work for scenarios where people take advantage of the free network hotspot connectivity provided by some Wi-Fi and cellular providers? anyone who travels throughout even a moderately dense coverage area would swiftly accumulate a history of hundreds if not thousands of briefly-connected ssids? It seems like constantly broadcasting this data would result in fairly noticeable performance degradation.
AT&T smart wifi is a recent example, it manages discovery of different system partner ssids through an app. But even if the SSID was exactly the same, the bssid would be different in every case, and that's the unique (mod spoofing) station identifier.
It's hard and generally unnecessary to protect wireless protocols against DoS, since jamming almost always works. Military transceivers do try, but as I understand it it's well beyond just designing the protocol carefully.
It's not just denial of service. First step is to kick the client off. That's DoS. Next step is spoof the station so when it tries logging back in it grabs the password. I am asking how to mitigate against that, and don't see anything beyond disabling auto logging and password rotation.
802.1x allows for the client to validate the authentication server by way of X.509 certificates, although this normally does require manual configuration since there is no global namespace to tie an ESSID to like there is for domain names in normal TLS. Mutual asymmetric key auth is available through EAP-TLS as well, but I could see that being a rare feature on cameras.
Actually, why there is not? Company should be able to just get cert for wifi.company.com and then be allowed to just call its network wifi.company.com...
I replaced my Orbi network with Eeros. Same SSID, same password, but almost nothing in my house (smart devices, phones, computers, Alexa) would use it until I logged in again on each device. I'm not sure how it's done, but something's in place.
Did you configure the Eero to spoof the Orbi's BSSID?
It's not really "secure" in the academic sense of the word, but many devices record the BSSID along with the SSID to be a little more safe from hijacking.
It's trivial to spoof the BSSID if you're an attacker since it's something that's just advertised wirelessly.
The advantage is that it works on the protocol level, so you don't have to nuke the entire spectrum for the entire neighbourhood (which would attract attention)
https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack