ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
RE : TP-LINK WIRELESS EXTENDER AES WIFI SECURITY ISSUE | APPLE IOS "WEAK SECURITY" WARNING | WILL ONLY CONNECT VIA INSECURE TKIP PROTOCOL | DOES NOT OFFER WPA2-AES ENCRYPTION AS SOLD AND ADVERTISED.. ( TP LINK RE200 / RE300 / RE400 / RE500 / RE600 SERIES EXTENDERS AND PERHAPS OTHER MODELS AS WELL )
A SERIOUS THREAT TO BOTH THE SECURITY OF YOUR VITAL WIRELESS NETWORK AND ALL DEVICES THAT CONNECT TO IT...
------------------------------------------------------------------------------------------------------------
All modern wireless routers and extenders provide you with the current WiFi security protocols known as "WEP" (TKIP), "WPA2-PSK"(AES), and "WPA2-PSK" (TKIP + AES) as selectable options. But if you choose the "wrong" one (TKIP or TKIP/AES) in your primary router setup, you’ll wind up with a slower and much less-secure network as a result.
"WEP" (Wired Equivalent Privacy), "WPA" (Wi-Fi Protected Access), and "WPA2" (Wi-Fi Protected Access II) are the primary security algorithms you’ll see when setting up modern wireless networks and routers. WEP is the very oldest standard, and has proven to be very vulnerable to common attacks, as more and more security flaws have been discovered over time. The release of WPA standard improved security a bit, but that standard is also now considered vulnerable to intrusion, which leaves just WPA2 as the default choice for all home, SOHO and SMB wireless networks. While WPA2 is not perfect, it is currently the most secure choice we have.
In addition to the above WiFi algorithms, a "second layer" of security protocols come into play,when transmitting and receiving secure wireless signals, and the two most popular are known as "TKIP" (Temporal Key Integrity Protocol) and "AES" (Advanced Encryption Standard)
ProTip : In case you are wondering what the "PSK” acronym (as in "WPA2-PSK") means, it is the encryption protocol for a “pre-shared key", which is generally your encryption "passphrase" or password. This distinguishes it from “WPA2 Enterprise”, which uses a specialized "RADIUS" server to hand out unique keys, and is used primarily on larger corporate or government Wi-Fi networks....
So let's take a quick look at how the AES and TKIP encryption protocols differ... And affect your wireless security.
TKIP is actually an OUTDATED encryption protocol, introduced way back when with the (now very obsolete) WPA algorithm, to replace the even older and very insecure "WEP" algorithm. TKIP is actually quite similar to the (dinosaur) WEP algorithm, and as such, TKIP is NO LONGER considered secure, and now completely deprecated as a security standard.. In other words, you shouldn’t be using it !!
AES is a most secure, modern, common encryption protocol for WiFi, and was introduced with launch of WPA2 algorithm. And AES isn’t just some "generic" protocol developed specifically for Wi-Fi networks, either. It’s a serious worldwide encryption standard that’s even been adopted by the US Government, the US Miliary and most governments across the globe, to secure many of their computer networks.
AES is also generally considered quite secure, with its one main weaknesses being open to (very difficult) "brute-force" attacks, which can be mitigated in most cases by the use of strong "passphrases" (passwords). But in the real world, very few consumers do this.. (but you should)
The short version is that TKIP is an OLDER, LESS SECURE encryption standard used by the outdated WPA standard, ans AES is the NEWER Wi-Fi encryption solution used by the new-and-secure WPA2 standard. But, depending on your router, and the wireless devices that connect to it (including wireless extenders!) choosing WPA2-PSK as the default protocol may not always be the right choice for you.. (but almost always is)
While WPA2 is supposed to use AES for optimal security, it can also use TKIP where backward compatibility with very old "legacy devices" is required. In such a state, devices that support WPA2 will connect with WPA2 and devices that support WPA will connect with WPA. So “WPA2” doesn’t always mean WPA2-AES.
However, on devices without a visible “TKIP” or “AES” option, WPA2 is generally synonymous with WPA2-AES.
But using WPA and/or TKIP for compatibility with ancient (over 10+ years old) devices also slows down your Wi-Fi network. Many modern 802.11N / AC Wi-Fi routers will slow down to just 54mbps if either WPA or TKIP are enabled on your router or extender. By comparison, 802.11n supports up to 300mbps speeds if you’re using WPA2 with AES. And 802.11ac offers maximum speeds of up,to 3.46 Gbps under optimum (read: perfect) conditions. So there is a big speed hit to your network by using them.
SO WITH ALL THAT SAID.....
It looks like it might be high time to sell your insecure TP-Link wireless products on eBay (along with a warning of TKIP-Only encryption in your auction description of course), as there does not appear there is a solution at hand to this serious security issue coming from TP-LINK anytime soon, as I believe TP Link was well aware of this product defect for quite some time now.
And unlike many major wireless product makers, TP-LINK does not seem to offer firmware or security updates for its extenders once they ship. Many are still on V1 Firmware (Version 1) months or years after the initial product launch from my observation..
This alone speaks volumes about TP-LINK and their serious lack of "after sale" product and device support, and is a #EpicFAIL to all parties concerned, without touching on the issue of false advertising a highly important security feature that cannot be used now, or in the foreseeable future... TP-LINK Support tried to blame MY high end router for the issue at first, then said it was a problem with APPLE and IOS 13 (Thanks Apple for looking after the security of our networks !) then claimed in community posts that this serious issue would be soon "fixed" with the pending release of IOS 14, which after installation, or course did not fix the issue, as the issue is solely with the defective TP-LINK product design / engineering.
****************************************************************************
IF THERE ARE ANY LAWYERS INTERESTED IN DISCUSSING THE POTENTIAL FOR A NATIONWIDE CLASS ACTION SUIT AGAINST
TP-LINK FOR FALSE ADVERTISING OF WPA2-AES ENCRYPTION, PLEASE TEXT DAVID (BOCA RATON, FLORIDA) AT 561-450-9468 WITH YOUR NAME, FIRM NAME, PHONE, WEB URL AND CONTACT DETAILS.
***************************************************************************
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thanks for you post. Do you still get the Weak Security message on your Apple phone.
I have RE230.
I did the Firmware up date and still get message. I had this for awhile but over a week ago I had issues and reinstalled the extenders and now having the Weak Security on my phone.
Can you explain about using the TPlink web🤔
Thank you
- Copy Link
- Report Inappropriate Content
Yes the Weak Security message has gone from my iPhone.
I'm having difficulty remembering how I got into the TP-Link Cloud management options but I'm pretty sure the instructions at https://www.tp-link.com/us/support/faq/1366/ apply equally to the RE300 series (which I have). Not sure if they apply also to the RE200 series.
Give it a shot.
Once you are managing the device via TP-Link Cloud you will see options to change the WiFi security settings to provide higher level security.
Hope that helps.
- Copy Link
- Report Inappropriate Content
Hello everyone,
Here is a summary thread for Range Extender Weak security issue where you could find the latest firmware or beta firmware that fixed the problem:
[Solution] iPhone iOS14 recognizing the range extender wireless network as "weak security"
https://community.tp-link.com/en/home/forum/topic/232218?page=1
If your model is not listed, or you still experience the same issue, please leave your comment there with case details. We will look in to your inquiry as quickly as possible.
The above thread will guide you to TP-Link Global community temporarily, click here to continue your travel in TP-Link US community.
- Copy Link
- Report Inappropriate Content
I just received my 855RE December 2021 and upgraded from v1 to latest firmware (also disappointed this was original firmware at such a late date) and surprised to see it DoesNot have AES only TPIK encription. I wanted it to allow my outdoor camera to have a stronger connection to my local network so not sure if the TPIK will be a major factor as the device was less than $10. YGWYPF i guess.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 3
Views: 18604
Replies: 14