cancel
Showing results for 
Search instead for 
Did you mean: 

Hub 3 Security Upgrade/TP Link issue

taymm17
Tuning in

Hi,

Have 2 slightly linked questions/issues:

1) Are Virgin planning on upgrading the security protocol used in their Hub 3? i.e. WPA2-AES or above, instead of protocols that use TKIP.

2) I use a TP Link extender in my home and extending the current secure configuration of wifi network (using WPA2-PSK (TKIP)) it notifies me that it has weak security on my apple devices post iOS 14. I have used the work around to remove the 'weak security' notification from the main network, but cannot for the TP Link extender, also, this is just removing the notification not improving security (hence why ideally i would like to know if Virgin are upgrading).

Working in the field of Cyber Security it bugs me that my own home network has weak security.

Thanks in advance for any clarity.

 

10 REPLIES 10

Tudor
Very Insightful Person
Very Insightful Person

VM are unlikely to make any firmware updates to the Hub3 except in extreme circumstances. See this:

https://community.virginmedia.com/t5/Networking-and-WiFi/iOS-14-Weak-Security/td-p/4410050


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

goslow
Alessandro Volta

@taymm17 wrote:

Hi,

Have 2 slightly linked questions/issues:

<snip>

Thanks in advance for any clarity.


Not too many VM installations left in my street since BT FTTP arrived. However, the ones I can see via a wi-fi scanner all show WPA2-PSK AES-CCMP.

There also seem to be plenty of online complaints about TP-Link extenders not supporting AES. Many topics suggest upgrading the firmware of the extender.

I'm not sure I understand the problem :-

Our Hub 3 in Router mode has WPA2-AES Enabled and WPA-PSK Disabled.

Both of our TP-Link Access Points also have WPA2-AES Enabled and both have WPA-PSK Disabled.

 

 

goslow
Alessandro Volta

@Client62 wrote:

I'm not sure I understand the problem :-

Our Hub 3 in Router mode has WPA2-AES Enabled and WPA-PSK Disabled.

Both of our TP-Link Access Points also have WPA2-AES Enabled and both have WPA-PSK Disabled.


If I have understood correctly, the OP gets the 'weak security' warning when connected to the extender and cannot change the extender to AES.

Having the TP-LINK model in question would help ?   

The unit would have to be very old not to support WPA2-PSK AES

Firmware updates are available at : https://www.tp-link.com/uk/support/download/

Below is how we set our TP-LINK units into WPA2-PSK AES only mode.

Client62_0-1675799034583.png

 

goslow
Alessandro Volta

@Client62 wrote:

Having the TP-LINK model in question would help ?   

The unit would have to be very old not to support WPA2-PSK AES


The TP-Link issue was to do with extenders rather than access points. Haven't read all the TP-Link topics about it but, after a quick skim read, it looks as if WPA/WPA2 was baked into the extender firmware with no way of changing it, originally. Hence iPhones were reporting 'weak security' when connected to TP-Link extenders. TP-Link has released firmware to correct for some models

https://community.tp-link.com/en/home/forum/topic/232218?sortDir=ASC&page=1

Will need the OP to confirm if this is the issue, or something different.

taymm17
Tuning in

Hi all,

Thanks for the replies. Extender is the RE220 V2, have been on the tether app trying to change the security protocols, but doesn't allow me to do so. Also when using the Web GUI I can't seem to get to the http://tplinkrepeater.net to manage it that way either. 

Looks like the last Firmware upgrade is from December 2020. So may not help with latest iOS security issue. That said I'm trying to upgrade it if i can somehow solve the above.

Links to the device like :   http://tplinkrepeater.net  assume the device can broadcast that name and its IP and often it does not work.

The IP of the TP-LINK device might be printed on it, failing that use a phone app to scan the local address range for connected devices, that should ping the extender and reveal its IP address.   

taymm17
Tuning in

Managed to get access to it using my phone. But looks like the device has the latest firmware for its version (V2). 

I've reset factory default on the extender and now just using one service not splitting it into 2.4 & 5 GHz and the weak security seems to have disappeared. 

Maybe it just needed a reset after configuration changes on the router itself to force WPA2 PSK not WPA PSK/WPA2 PSK.