Deco M9 Plus security options
I created a post about a week ago regarding the lack of options for disabling TKIP (a deprecated security protocol with vulnerabilities).
My newer android devices are having issues connecting to the M9 Plus APs, and I believe this is a reason why. Can someone provide any input as to 1) why my post was deleted, and 2) if anyone is also having similar issues?
The symptoms are that the phones in question will connect to wifi, sometimes for several hours. Eventually though (at least once a day), a "!" appears on the connection icon and no data flows to/from the phone.
Thanks!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Please note no one has ever deleted your post, it is alive and well here: https://community.tp-link.com/en/home/forum/topic/205486
You posted on our global forum first, then you came here to the US forum which your post did not exist giving you the impression the admins deleted your post.
If you get the icon that shows on the wireless network that could be related to no internet going to the Deco units. If there was an issue with the security then your phones would not connect at all, to begin with.
I would suggest starting with your modem, critical 3 error logs will give random connection drops.
- Copy Link
- Report Inappropriate Content
@Tony Thanks for the reply, and the revelation that there are multiple TP-Link forums (I've edited the original post).
Can I ask what you mean about critcal 3 errors? Are you referring to the modem/radio on the phones themselves (with 3 equaling "critical" in syslogd)? I do have the ability to run logcat on my phone, but not my wife's phone, as it is not rooted.
Threads on XDA regarding wifi issues seem to point to TKIP used at the encrytion method on the WPA2 protocol. I can't test this theory, as the Decos are literally the first wireless AP I've had that do not allow you to disable TKIP. This is obviously not something the average person is going to lose too much sleep over, but in this specific case, TKIP has known vulnerabilities and should be disabled whenever possible.
Additionally, I am not seeing the typical "drop" I've seen in the past, for instance, when you on the edge of a network with spotty signal. On an android phone, that would normally be the wireless icon disappearing, then coming back once the connection is reestablished. This is a persistent ! mark on the wireless connection that does not go away until you cycle the wireless radio. I am also reading of people disabling the "mixed" WPA/WPA2 mode (which allows for TKIP use) on their routers have not just the connectivity problem go away, but also finally having a Voice-over-wifi (VoWifi) connection.
As you probably know, both Android 10 and Windows 10 (build 1903 and above) are making users aware of this vulnerability. If you don't want to make it an option in the Deco application/firmware, then it should at least be disabled so it never comes into play.
- Copy Link
- Report Inappropriate Content
Critical 3 errors refer to the system logs in your modem. If the internet signal is not stable then you will get random internet drops so the Deco system will no longer get an internet connection which will give your devices the Wi-Fi signal with no internet.
Regarding the encryption, there has been no information if there will be an option to change or disable it.
- Copy Link
- Report Inappropriate Content
@Tony
Thanks for the reply. There is nothing wrong with my internet signal. No other devices are affected. There are most certainly some things the OEMs (OnePlus and Samsung) can do to resolve this issue, but I will say it does not happen with other access points. I am now using an older TP-Link Archer C8 placed in the middle of the house, just for these two devices. We're no longer having issues. If we connect to the Decos, however, the issues resume.
I would strongly recommend to your development team that WPA/TKIP be phased out altogether. It does not belong in a modern AP like the Decos.
- Copy Link
- Report Inappropriate Content
Thank you for the suggestion. We make sure to forward any feedback and feature requests to our devs for consideration.
- Copy Link
- Report Inappropriate Content
I agree! I just got the set of 3 - M9 Plus units, set one up and determined that WPA2 w/AES is not supported. I will be returning them. WPA2 w/AES has been a security standard for wireless connections for years! Why would they make a product that still uses a protocol with known hackes?!
- Copy Link
- Report Inappropriate Content
There is a beta firmware with AES-only as an option. Might want to check that out, first.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2108
Replies: 8
Voters 0
No one has voted for it yet.