"A surprising number of the SSIDs round where I live are of the form "23 Railway Cuttings" or "Joe and Josie Bloggs". Even an unintelligent hacker might take these as significant clues as to the location of the routers..."
A hacker sitting in the Ukraine hosting the malformed website that triggers this exploit would need to have quite a wide circle of friends to know who Joe and Josie Bloggs are. Even if he did know who they are, this exploit gives away the WiFi password, not the SSID. All the hacker knows is IP address and WiFi password.
Getting a positive hit is going to take some time if active use of the exploit means walking slowly down every road in Britain, stopping when your phone picks up a BT router signal and trying out all of your stolen passwords in case one of them applies to that router.
Biting the hand that feeds IT
