There are plenty of security issues with many routers including firmware that is seldom upgraded, opened (telnet) port with the default password, and the list could go on. But Jahed Ahmed recently wrote about an issue I had not heard of before: his TP-Link router shows two hidden networks in 2.4 GHz and 5 GHz bands that he only discovered after running WiFi Analyzer on his phone.
He did not enable those networks, so that was the default configuration from the firmware. That could potentially pose a security risk, contributes to WiFi spam, and Jahed also mentions a waste of energy although the extra power consumption is probably limited, even when scaled to millions of users. So why is TP-Link doing this? Apparently for their OneMesh mesh wireless network system and device including range and powerline extenders that users may want to use.
Other users have been reporting this issue on TP-Link Archer routers at least since 2019. TP-Link has not upgraded all routers, but says there’s nothing to worry about:
Just like the existing Deco mesh package products, the specific hidden network with high-intensity random password can guarantee the security of the network. So no worries.
and still offers a solution for users wanting to disable OneMesh with new firmware adding an option to disable OneMesh, albeit some models, like Archer C6 and A7, only have beta firmware. That’s just another reason to purchase a router that is compatible with OpenWrt, and many of those Archer routers are not…
But why does TP-Link need those hidden networks in the first place? Hacker News’ user m45t3r provides a possible explanation and why it may not be such a big issue:
…this hidden network probably uses another protocol (for the OneMesh). It is the 802.11s, that uses its own encryption method based on Simultaneous Authentication of Equals (SAE) (yeah, that is the same as WPA3, however it came before it). It shows as hidden network on Wi-Fi Analyzer, but the network is not actually hidden in the same sense of a hidden Wi-Fi network: this simple happens because 802.11s has no concept of SSID.
The authentication of new devices happens when you pair a new router using the application available on Android/iOS (it has a web interface too but AFAIK it doesn’t allow adding new mesh routers to the network). So it seems pretty secure for me, at least sans some security bugs that I am sure that the device should have. Doesn’t bother me too much considering that most bugs that I saw on those consumer routers generally comes from the security from things like administration pages and not the Wi-Fi network itself (unless it is something like KRACK that affects all devices implementing the protocol).
Yeah, it is still pretty sh*t that they enable this by default, but if the router from the author of blog post is from one of their lines of mesh routers I do think this is kinda of made by purpose, because using multiple routers devices is kinda of the idea of a mesh network.
It should be noted that 802.11s is older and different from Wi-Fi EasyMesh announced in 2018, even though both target mesh networking. You’ll find a short comparison on Stack Exchange between the two.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
