TP-Link Deco Mesh Wi-Fi security flaw?  


April 14, 2019 12:30 AM EDT  

I'll admit geeking out on this one.  Couldn't resist a sale at Amazon to pick up two of the TP-Link Deco M5 units (2-radio version) for only $99 to try out.

Seen Dave's write-up that says they are pretty good, especially for the price.

I've been using Eero Pros for several years as my "go to" solution for entry-level mesh, but looking to consider alternatives, so...

Installed really nicely, I might even prefer the login methods and app to Eero (the Eero login/account management is a bit too heavy-handed sometimes).

I have one unit hardwired to my existing LAN as a router (double NAT) and the second unit connected as a wireless mesh add-on/mesh point.

But I noticed something weird - the TP-Link seems to be generating a hidden network, i.e. a network that does not broadcast its SSID.  I assume it might be used for the backhaul between units (nothing wrong with that and I think most mesh Wi-Fi systems do that), but it is shown as being open without any encryption - no WPA2 as I would expect.

Now if it is used by TP-Link, one might assume they run their own encrypted session on top of the open Wi-Fi transport, but that seems really poor design.  Not a security expert, but an open Wi-Fi link means no encryption so sniffing the traffic and possibly creating a man-in-the-middle attack would be a lot easier.

Am I just paranoid or maybe something else is the source of the hidden network?  I can't trace the BSSID definitively, but it disappears when I unplug the TP-Link and re-appears when I bring it back online.

Note: I found the hidden network because my production Wi-Fi is Ubiquiti Unifi and showing "nearby AP's" is one of the built-in handy features in the controller web interface display screens.

The typical software based scanners such as "WiFi Explorer" cannot see hidden networks (probably limited by how they can access the Wi-Fi hardware and inability to put the NIC into monitor mode).
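
Added example, not part of the original post: a way to confirm the observation from a monitor-mode capture by parsing beacon frames and flagging any BSSID that hides its SSID while advertising no link-layer encryption. The frames, BSSIDs and helper names below are constructed for illustration, and the input is assumed to start at the 802.11 header (radiotap already stripped).

```python
import struct

# Constructed RSN element (id 48): WPA2-PSK with CCMP.
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

def build_beacon(bssid, ssid, capability, ies=b""):
    """Build a constructed beacon (802.11 header onward, no radiotap) for the demo."""
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    return header + fixed + bytes([0, len(ssid)]) + ssid + ies

def classify_beacon(frame):
    """Return BSSID, hidden-SSID flag and advertised security for one beacon."""
    if len(frame) < 36 or frame[0] != 0x80:  # version 0, management, subtype 8
        raise ValueError("not a beacon frame")
    privacy = bool(struct.unpack_from("<H", frame, 34)[0] & 0x0010)
    ssid, has_rsn, has_wpa, pos = None, False, False, 36
    while pos + 2 <= len(frame):  # walk the tagged elements
        ie_id, ie_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + ie_len]
        if len(body) < ie_len:
            break  # truncated element, stop parsing
        if ie_id == 0 and ssid is None:
            ssid = body
        elif ie_id == 48:
            has_rsn = True
        elif ie_id == 221 and body[:4] == b"\x00\x50\xf2\x01":
            has_wpa = True
        pos += 2 + ie_len
    hidden = not ssid or not ssid.strip(b"\x00")  # absent, empty, or all NULs
    if not privacy:
        security = "open"
    else:
        security = "RSN" if has_rsn else "WPA" if has_wpa else "WEP"
    return {"bssid": frame[16:22].hex(":"), "hidden": hidden, "security": security}

def flag_hidden_open(frames):
    """BSSIDs whose beacons hide the SSID and advertise no link-layer encryption."""
    found = [classify_beacon(f) for f in frames]
    return [r["bssid"] for r in found if r["hidden"] and r["security"] == "open"]

# Constructed sample beacons (locally administered BSSIDs, not real devices).
SAMPLES = [
    build_beacon(bytes.fromhex("020000000001"), b"\x00" * 8, 0x0001),
    build_beacon(bytes.fromhex("020000000002"), b"HomeNet", 0x0011, RSN_IE),
    build_beacon(bytes.fromhex("020000000003"), b"", 0x0011, RSN_IE),
]

if __name__ == "__main__":
    print(flag_hidden_open(SAMPLES))
```

The result only reflects what the beacon advertises at the Wi-Fi layer; it cannot show whether the traffic on that network is encrypted by something running on top of it.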

