Tag: internet

  • IoT Deserves Better Than 2.4GHz

    Recently in my neighbourhood there have been a number of car break-ins, usually where vulnerable keyless fobs have been hacked to extend the range and unlock the owner’s car. But the owners also discovered that the thieves were using signal jammers to block WiFi doorbell/security cameras. In my opinion this is a more serious issue as they are not the only devices that would be affected by this type of attack, and from what I can see on the websites of many manufacturers and vendors, these companies are not providing enough information on their smart/IoT devices to assist in mitigating this issue.

    For instance, of six well-known vendors in Ireland (B&Q, Screwfix, Harvey Norman, DID Electrical, Currys, and Power City), with the exception of Screwfix, the majority of vendors of smart doorbells listed “WiFi” as connectivity, with no indication of frequency band, or other WiFi capabilities such as standard. To focus on Screwfix, while they did specify frequency band, only one of the Ring doorbells listed 5GHz, though as a “Network Standard”, not as the “Smart Frequency Band”. The rest are 2.4GHz.

    On the same six vendor websites, there are other WiFi devices such as baby monitors, smart thermostats, and other home IoT devices (with little connectivity information, or again only 2.4GHz) which could also be easily affected by signal jammers that are quite easy to purchase online, e.g. the DStike Deauther Watch.

    Even online manufacturers/vendors provide little to no information on the WiFi standards they use, e.g. hivehome dot com for thermostats, or SpaceSense from wizconnected dot com for smart lighting.

    The broad use of 2.4GHz alone is likely because it is the most common WiFi frequency available, and has the furthest range due to its RF properties. But due to its vulnerability to interference (intentional or not), lack of channel space, and lower speeds than 5 or 6GHz WiFi, I don’t think it’s acceptable for manufacturers and/or vendors not to clearly inform their customers of their “smart” or “IoT” device’s WiFi capability, so the customer can make an informed choice and thereby future-proof their network, which is becoming more of a requirement than an option, seeing how fast WiFi is improving.

    Since 2020, WiFi 6, 6E, and 7 have been introduced, utilising the 5 and 6GHz bands, with WiFi 7 having estimated speeds of up to 46Gbps. The highest theoretical speed for 2.4GHz is 600Mbps; in reality it’s closer to 450Mbps.

    In Europe, the European Telecommunications Standards Institute has released 480-500MHz (5925/5945-6425MHz) of the 6GHz spectrum for unlicensed systems, while the Federal Communications Commission in the US has opened up the full 1200MHz, i.e. 5.925–7.125GHz. While users in Europe arguably still need more spectrum in 6GHz, I hope that more awareness of the IoT-focused security features of WPA3 such as Easy Connect, and more choice of 5GHz and 6GHz WiFi products will result in WiFi manufacturers and vendors providing better service to their customers, and that smart/IoT home and enterprise networks will benefit significantly from these updates, not least at layer 1.

  • What’s Next for WiFi?

    If you google “WiFi projected growth”, you will see multiple industry reports from various research entities, claiming up to 5x increase globally in the value of WiFi and/or number of WiFi devices in the next 5-10 years (2030-2035).

    But I think it’s more interesting to focus on WiFi projects and improvements in recent years and how they could shape networks in the near future.

    In 2017 I became aware of the Wi-Free (as it was named in Ireland) service offered by Virgin Media. This allowed any Virgin Media customer to connect to the Wi-Free network, which was broadcast not only by public WiFi hotspots, but also by the home routers of other Virgin Media customers. In order to use the service a customer had to opt in to allow Wi-Free to be broadcast from their own router. Unfortunately, Virgin Media announced in early 2023 that this service would end in November of that year due to declining use and the increase in 4G and 5G traffic.

    In 2018, WiFi NOW reported that the City of New York was considering rolling out public WiFi access across the five boroughs with 250,000 access points installed on street lights. This project (which was planned for completion by 2025) has not come to fruition, although its spearhead LinkNYC has currently rolled out almost 2,000 kiosks across New York City that provide free WiFi access, device charging, and phone services.

    It’s disappointing that these projects were not developed further, but I think that the demand for this type of public WiFi hotspot will grow again in the next decade. This will be as a result of the increase in population outside of cities since Covid, the growing popularity of high density housing, and the restrictions in 5G due to its need for more towers than 3G/4G networks.

    Urban areas and smaller towns could greatly benefit from a public WiFi service (both indoors and outdoors) that is not dominated by cell towers, and does not require an FTTH connection and/or router to every single residence.

    Furthermore, with the cost of living increasing dramatically since Covid, and consumers investing more in energy-saving solutions like home insulation, this brings a new problem due to the attenuation the insulation causes to cellular networks. The proposed solution to this is for cell providers to allow connections to their network using a customer’s WiFi network. This is already known as WiFi Calling, and shows the demands even cellular networks will make on WiFi networks, whether public or private.

    A common complaint about WiFi is security. WPA3 support has been mandatory for new WiFi certified devices since 2020, and its increasing use in new networks will bring several security benefits.

    OWE (Opportunistic Wireless Encryption) automatically encrypts data between the user device and the access point, even on open (typically guest) networks. It does this by embedding Diffie-Hellman key exchanges in the Association Request and Association Response.[1]

    SAE (Simultaneous Authentication of Equals) is also employed in WPA3, where the PMK is calculated by both parties without an exchange of key data. An elliptic curve Diffie-Hellman exchange is required to create the PMK, and the PSK can be used for authentication (between client and AP), but not to decrypt data traffic. By comparison, WPA/WPA2 used a PSK (calculated from a passphrase) to create the PMK, which was the seeding material in the 4-way handshake (4WH).[2]

    For IoT networks, Easy Connect replaces WPS as a means of connecting devices without a user interface, by scanning a QR code or NFC tag, or by downloading device information from the cloud. This simplified provisioning process also supports WPA3-Enterprise, which is most likely to be used in future versions of Wi-Free, potentially bringing public WiFi and IoT together in one network.

    Keith Parsons, one of the most well-known WiFi evangelists, has frequently stated that WiFi and 5G will complement each other in the long run, rather than compete. Looking at the last five years and the changes in how and where our communities live and work, I think he will be proven correct before long.

    1. CWSP-207 Official Study Guide (Tom Carpenter) Ch. 10: OWE
    2. CWSP-207 Official Study Guide (Tom Carpenter) Ch. 10: SAE

  • WiFi Troubleshooting Checklist

    When a WiFi issue is reported, it has been my frequent experience (from working in several helpdesks and network teams) that the problem is client-related, i.e. if you have multiple users connected to a wireless access point, and only one or two are having WiFi issues, the problem generally isn’t the WiFi. The following information should be acquired and used to troubleshoot the issue before escalating the ticket through the various tiers of an IT team.

    Helpdesk/Service Desk:

    Initial steps:

    • Forget network, then reconnect to WiFi
    • Check if their username and password are correct
    • Check the wireless drivers on their device

    If the above does not resolve the connection:

    • How many users are affected?
    • Device(s) make/model?
    • Location(s)?
    • Message(s), if any, onscreen?
      • Connected: Verify connection issue affects all webpages, not just one or two as they may be the cause of latency.
      • Failure to obtain an IP address: Check the device settings are correct and DHCP is set to Auto. If so, escalate to Networks/Infrastructure.
      • Connected/Internet may not be available: Escalate to Networks/Infrastructure.
    • Find out the IP address, i.e. type “ipconfig /all” in Windows Command Prompt and check the output from the relevant wireless adapter.
    • Get the MAC address, AKA the Physical Address (using “ipconfig /all” as above).
    • If multiple users affected, is the connection issue occurring in one location or several?

    ALL INFORMATION GATHERED ABOVE SHOULD BE ADDED TO TICKET BEFORE ESCALATING

    Networks/Infrastructure team:

    • One user:
      • Verify that the IP address matches the correct subnet in the IPAM server.
      • In the Wireless NMS, search for the user using the MAC addresses.
      • Check the BSSID they’re connected to. The BSSID identifies the SSID on a particular AP.
        • For Windows users, type “netsh wlan show interface” in Windows Command Prompt.
        • For macOS, hold the Option key while clicking the WiFi icon in the upper right corner. BSSID will be listed in the drop-down menu.
        • For Android or iOS, the user can download the apps WiFi Analyzer or Network Analyzer Lite respectively.
        • The results should show the AP and SSID of the user’s most recent connection.
    • Multiple users:
      • Check access points in the location(s) of connection issue:
        • SSIDs broadcast.
        • Interference on channels in use by 2.4 and 5GHz bands.
        • Uptime: check physical connection of AP and PoE settings/logs on switchport.
    • Check DHCP settings on network including the DHCP pool to ensure it’s not full.
    • Check licenses on controller and relevant WNMS.

    If all of the above looks ok, check the wired DS for errors in the configuration. If none are found then open a ticket with the WLAN vendor to investigate a possible firmware bug.
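
    One way to automate the single-user checks from the list above, as an added example that is not part of the original checklist: it parses the text a user pastes from “ipconfig /all” and “netsh wlan show interface”, flags a self-assigned (APIPA) address or an address outside the subnet recorded in IPAM, and checks the BSSID against the list of BSSIDs exported from the wireless NMS. The sample output is constructed, and the function names, subnet and BSSID inventory are assumptions.

```python
import ipaddress, re

# Constructed sample output, trimmed to the relevant lines (not from a real host).
IPCONFIG = """Wireless LAN adapter Wi-Fi:
   Physical Address. . . . . . . . . : 02-00-5E-AA-BB-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.9(Preferred)
"""
NETSH = """    SSID                   : CorpWiFi
    BSSID                  : 02:00:5e:10:00:01
    Channel                : 6
"""

def fields(text):
    # Turn "Key . . . : value" lines into a dict keyed by the lower-cased label.
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(" : ")
        if sep:
            out[key.replace(".", "").strip().lower()] = val.strip()
    return out

def triage(ipconfig, netsh, subnet, known_bssids):
    ip_f, wl = fields(ipconfig), fields(netsh)
    raw = ip_f.get("ipv4 address") or ip_f.get("autoconfiguration ipv4 address", "")
    addr = re.match(r"[\d.]+", raw)
    findings = []
    if not addr:
        findings.append("no IPv4 address")
    elif ipaddress.ip_address(addr.group()).is_link_local:
        findings.append("APIPA address: DHCP lease not obtained")
    elif ipaddress.ip_address(addr.group()) not in ipaddress.ip_network(subnet):
        findings.append(f"{addr.group()} is outside {subnet}")
    bssid = wl.get("bssid", "").lower()
    if bssid not in known_bssids:   # client is on an AP the NMS does not know about
        findings.append(f"BSSID {bssid or 'missing'} not in AP inventory")
    ch = int(wl.get("channel", "0"))
    # 6GHz reuses low channel numbers, so this mapping assumes a 2.4/5GHz client.
    band = "2.4GHz" if 1 <= ch <= 14 else "5GHz" if 36 <= ch <= 177 else "unknown"
    mac = ip_f.get("physical address", "").replace("-", ":").lower()
    return {"mac": mac, "bssid": bssid, "band": band, "findings": findings}
```

    A BSSID that is missing from the inventory is worth a closer look before any other step, since it means the client is associated to an access point the network team does not manage.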