RE : TP-LINK WIRELESS EXTENDER AES WIFI SECURITY ISSUE | APPLE IOS "WEAK SECURITY" WARNING | WILL ONLY CONNECT VIA INSECURE TKIP PROTOCOL | DOES NOT OFFER WPA2-AES ENCRYPTION AS SOLD AND ADVERTISED.. ( TP LINK RE200 / RE300 / RE400 / RE500 / RE600 SERIES EXTENDERS AND PERHAPS OTHER MODELS AS WELL )

A SERIOUS THREAT TO BOTH THE SECURITY OF YOUR VITAL WIRELESS NETWORK AND ALL DEVICES THAT CONNECT TO IT... 

------------------------------------------------------------------------------------------------------------

All modern wireless routers and extenders provide you with the current WiFi security protocols known as "WEP" (TKIP), "WPA2-PSK"(AES), and "WPA2-PSK" (TKIP + AES) as selectable options. But if you choose the "wrong" one (TKIP or TKIP/AES) in your primary router setup, you’ll wind up with a slower and much less-secure network as a result.

"WEP" (Wired Equivalent Privacy), "WPA" (Wi-Fi Protected Access), and "WPA2" (Wi-Fi Protected Access II) are the primary security algorithms you’ll see when setting up modern wireless networks and routers. WEP is the very oldest standard, and has proven to be very vulnerable to common attacks, as more and more security flaws have been discovered over time. The release of WPA standard improved security a bit, but that standard is also now considered vulnerable to intrusion, which leaves just WPA2 as the default choice for all home, SOHO and SMB wireless networks. While WPA2 is not perfect, it is currently the most secure choice we have.

In addition to the above WiFi algorithms, a "second layer" of security protocols come into play,when transmitting and receiving secure wireless signals, and the two most popular are known as "TKIP" (Temporal Key Integrity Protocol) and "AES" (Advanced Encryption Standard) 

ProTip : In case you are wondering what the "PSK” acronym (as in "WPA2-PSK") means, it is the encryption protocol for a “pre-shared key", which is generally your encryption "passphrase" or password. This distinguishes it from “WPA2 Enterprise”, which uses a specialized "RADIUS" server to hand out unique keys, and is used primarily on larger corporate or government Wi-Fi networks....

So let's take a quick look at how the AES and TKIP encryption protocols differ... And affect your wireless security.

TKIP is actually an OUTDATED encryption protocol, introduced way back when with the (now very obsolete) WPA algorithm, to replace the even older and very insecure "WEP" algorithm. TKIP is actually quite similar to the (dinosaur) WEP algorithm, and as such, TKIP is NO LONGER considered secure, and now completely deprecated as a security standard.. In other words, you shouldn’t be using it !!

AES is a most secure, modern, common encryption protocol for WiFi, and was introduced with launch of WPA2 algorithm. And AES isn’t just some "generic" protocol developed specifically for Wi-Fi networks, either. It’s a serious worldwide encryption standard that’s even been adopted by the US Government, the US Miliary and most governments across the globe, to secure many of their computer networks.

AES is also generally considered quite secure, with its one main weaknesses being open to (very difficult) "brute-force" attacks, which can be mitigated in most cases by the use of strong "passphrases" (passwords). But in the real world, very few consumers do this..  (but you should)

The short version is that TKIP is an OLDER, LESS SECURE encryption standard used by the outdated WPA standard, ans AES is the NEWER Wi-Fi encryption solution used by the new-and-secure WPA2 standard. But, depending on your router, and the wireless devices that connect to it (including wireless extenders!) choosing WPA2-PSK as the default protocol may not always be the right choice for you.. (but almost always is)

While WPA2 is supposed to use AES for optimal security, it can also use TKIP where backward compatibility with very old "legacy devices" is required. In such a state, devices that support WPA2 will connect with WPA2 and devices that support WPA will connect with WPA. So “WPA2” doesn’t always mean WPA2-AES.

However, on devices without a visible “TKIP” or “AES” option, WPA2 is generally synonymous with WPA2-AES.

But using WPA and/or TKIP for compatibility with ancient (over 10+ years old) devices also slows down your Wi-Fi network. Many modern 802.11N / AC Wi-Fi routers will slow down to just 54mbps if either WPA or TKIP are enabled on your router or extender. By comparison, 802.11n supports up to 300mbps speeds if you’re using WPA2 with AES. And 802.11ac offers maximum speeds of up,to 3.46 Gbps under optimum (read: perfect) conditions. So there is a big speed hit to your network by using them.

SO WITH ALL THAT SAID.....

It looks like it might be high time to sell your insecure TP-Link wireless products on eBay (along with a warning of TKIP-Only encryption in your auction description of course), as there does not appear there is a solution at hand to this serious security issue coming from TP-LINK anytime soon, as I believe TP Link was well aware of this product defect for quite some time now.

And unlike many major wireless product makers, TP-LINK does not seem to offer firmware or security updates for its extenders once they ship. Many are still on V1 Firmware (Version 1) months or years after the initial product launch from my observation.. 

This alone speaks volumes about TP-LINK and their serious lack of "after sale" product and device support, and is a #EpicFAIL to all parties concerned, without touching on the issue of false advertising a highly important security feature that cannot be used now, or in the foreseeable future... TP-LINK Support tried to blame MY high end router for the issue at first, then said it was a problem with APPLE and IOS 13 (Thanks Apple for looking after the security of our networks !) then claimed in community posts that this serious issue would be soon "fixed" with the pending release of IOS 14, which after installation, or course did not fix the issue, as the issue is solely with the defective TP-LINK product design / engineering.

****************************************************************************

IF THERE ARE ANY LAWYERS INTERESTED IN DISCUSSING THE POTENTIAL FOR A NATIONWIDE CLASS ACTION SUIT AGAINST 

TP-LINK FOR FALSE ADVERTISING OF WPA2-AES ENCRYPTION, PLEASE TEXT DAVID (BOCA RATON, FLORIDA) AT 561-450-9468 WITH YOUR NAME, FIRM NAME, PHONE, WEB URL AND CONTACT DETAILS. 

***************************************************************************