Unauthorized Access to my Home Wifi
Hello,
I set up my home wi-fi network using 3 units and named all my connected devices individually. Today I noticed an unknown device named 'phone' was connected to one of the units and reset my wifi and TPlink user password immediately for extremely complex one. 'Guest Network' option is disabled and wifi is set to only 5G. After resetting the password, I rebooted all 3 units and then reconnected all my devices using the new password. That unauthorized client was gone and I thought the problem was solved. After a couple of hours I checked again for the connected clients and this 'phone' (as shown in the attached image) was there. For each of my devices that I reconnected, I got a 'new device connected' notification from the Deco App except for this guy.
It is very disturbing to see it in the connected devices list. I haven't blocked it yet. I would like to diagnose what is going wrong. No one should have access to the network after I reset the wifi password. And if I cannot find out the reason, that means the network is not secure.
I really appreciate your insight.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@vecii you will probably find that it is your iPhone!
- Copy Link
- Report Inappropriate Content
It is your iPhone or iPad most likely. The feature is called "Private WiFi Address," also known as "MAC address randomization."
This is how to turn it off for Deco mesh SSID in your Apple device:
-
Open the Settings app, then tap Wi-Fi.
-
Tap the More Info button next to a network.
-
Tap to turn Private Wi-Fi Address off.
- Copy Link
- Report Inappropriate Content
@Alexandre. Thank you for the reply.
However...
It is neither my phone nor my tablet, nor any other device in my home. It is still there even after I switch off all the devices except for my PC. I also have a new unauthorized device that showed up on the client list from IoT category (which I don't have at home).
The problem is...
They showed up even after I renewed my password. I heard in the forum that another user had suffered from a similar problem in the past.
I find it unsafe to continue to use it this way. I will surely return the kit.
Thank you anyway.
- Copy Link
- Report Inappropriate Content
Your concerns are understandable.
In your case, it would make sense to get WiFi mesh with whitelist (allow list) feature, which lets you explicitely permit devices to join your WiFi network.
Deco X60 runs on firmware 1.2 that does not support whitelist. It is not clear when or if TP-Link will release firmware for X60 that supports whitelist. You should return that set, your decision is correct.
If you like Deco mesh in general and OK to give it another try, I recommend to order set of Deco X50 or Deco X55. These are similar by performance models to X60, 3-unit set X50/X55 can do. They support whitelist feature with their firmware. Deco whitelist feature is documented here, under "Wi-Fi Access Control" name: https://community.tp-link.com/en/home/forum/topic/621412
- Copy Link
- Report Inappropriate Content
vecii wrote
To address this part specifically. I also saw claims on that forum that rogue device could access Deco mesh WiFi without password. In all cases where Deco mesh was not misconfigured (i.e., Guest Network left without password) and where "MAC address randomization" was disabled, the culprit was found to be someone from the household or business sharing WiFi password.
There has not been proven case where device can connect to Deco WiFi mesh without using valid password device owner obtained through people already having it.
With whitelist feature, you will be in control of the case where SSID/password is shared without your knowledge, or you missed device with "MAC address randomization" enabled.
Even if you decided to go with different WiFi mesh brand, check in that brand forums or its Support that WiFi mesh provides whitelist (allow list) feature.
- Copy Link
- Report Inappropriate Content
@Alexandre I appreciate all the support you provided. Thank you very much.
- Copy Link
- Report Inappropriate Content
vecii wrote
@Alexandre I appreciate all the support you provided. Thank you very much.
@vecii you can tell if the MAC address is a private address (and therefore not one that has been assigned by a manufacturer to a physical device), the second digit of the MAC address will begin with 2, 6, A or E.
These are the randomized MAC addresses we are seeing now, on phones, iPads and tablets.
Note also that the address list of the Deco doesn't always update quickly so removing devices and expecting them to disappear can be misleading.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 636
Replies: 7
Voters 0
No one has voted for it yet.