Slashdot Mirror
Users Report Faulty WPA In 2nd-Gen IPod Touch
jesuscash writes "It seems early adopters of the new iPod Touch are out of luck when they bring it home and attempt to connect it to their WPA/WPA2 secured network. Reading this Apple forum thread shows that many tests with different configurations show a no-go on WPA. Some of the last entries give the best clue, revealing a 'received deauthentication' error in their router logs. Apple has yet to respond."
I would have thought this is the kind of undocumented feature that should have been picked up in the most cursory testing. If Apple was that hasty in bringing this product to market, they are not going to do their reputation any favours.
Step 28 of the Apple Product Cycle. Step 28 for the iPhone was the chipset, so maybe that's the problem with these scratches ... er, blue screens ... er, faulty plastic backs ... er, WPA network errors as well.
Seems it's very hard to push stuff out quickly without getting into quality issues. Problem for Apple is that they depend even more than Microsoft on locking in their users. One bad experience, and people will take the pain to find an alternative, and then escape.
I love my Mac gadgets but the deal seems to be going wrong, and my next MP3 player and phone is going to have to be a lot more open.
Because WEP is horribly, horribly broken, and the only two options an iPod touch has of connecting to an access point are to use WEP, which is almost as bad as plaintext at this point, or use plaintext.
... That WAS a car analogy, right?
To use the ever-present car analogy, it would be like one of a car's most advertised features only working if you removed all the locks, and then complaining that somebody covered it by saying "A single bug is worthy of coverage? Can I get a WTF?!".
If you can't get WPA or WPA2, then I think your chances of getting a WTF are close to zero.
To use the ever-present car analogy, it would be like one of a car's most advertised features only working if you removed all the locks
When a company grabs enough market share this sort of thing is bound to happen when they screw up. It becomes news. People like to hate the 'big guys' (MS Sony, etc) and frequently for very good reason. Imagine how sloppy they'd get if people weren't all over them for their mistakes.
Last time *I* checked, having unencrypted Wi-fi *does* renders Wi-fi completely useless. Useless as in having unknown people downloading terabytes of crap over your pipes in the dozens.
So yes, having no Wi-fi connection doesn't render an iPod completely useless, but it sure takes away most of the fun.
And no, I will not switch my Wi-fi over to unencrypted or laughable WEP. Not because of a single bugged device and not because anything else. Living near the city centre with 100 households or more within my Wi-fi range prohibits even thinking about that.
But it just works!
Mine works at two different locations that I set up.
Actually reading the linked thread (I know, I know..) the problem seems more linked to D-Link routers + iPod Touch, not iPod Touch can't do WPA. "Apple has yet to respond"? I don't see that anyone on that thread filled a bug report, how the hell do you expect them to respond unless you tell them???
Why the hell did this get promoted to the front page?
Pluralitas non est ponenda sine neccesitate
I'll probably get modded down for this, but there seems to have been a stream of negative Apple/iPod Touch articles lately
It's actually a subtle counter to Engadget's "We compare the iPhone to a plasma TV and find out which is better" articles.
Someone released some software with a bug in it!!! Thats never happened before!!!
Wipe the apple fanboi drivel from your chin, the ipod touch is getting slammed recently because apple have introduced a number of bugs for it with their awful 2.1 update. I suggest you check their forums to see just how many problems have occurred since this rubbish `upgrade'. You'll note apple has not acknowledged a single one. Playing the microsoft game of pretending there are no issues. They also prevent you from rolling back to a previous version. So it is tough-shit if you upgraded.
this just stinks of the same quality as the occasional "MS did something not noteworthy, but we can spin it to be negative"
Broken WPA is pretty bad. I mean this is a product that has supposedly finished testing and gone to market, and a basic network security/authentication feature isn't working. This is definitely news.
As for your comparison with Microsoft, consider what you would be saying if this had happened with the Zune.
Amnesty International
A real geek has a long random key for WPA, and passes it around on a pen drive.
Except the time I brought a Touch home from work for a while.
Copy and paste? What do you mean, no copy and paste? One of the key "insanely great" f'ing innovations of the 1984 Macintosh, and it can't be done?
Shook my head at that one.
Problem solved.
Deleted
My touch 2g with firmware 2.1.1 works fine with wpa2.
On a long enough timeline. The survival rate for everyone drops to zero. Chuck Palahniuk, Fight Club, 1996
wpa 1/2 has been supported by other consumer facing products for several years. Apple is supposed to be about high quality devices that we are happy to pay a premium for. Security is a big deal these days. For Apple to release a product with such a key feature horribly broken is - horrible; this is not a made-up complaint.
Horns are really just a broken halo.
That new iPod touch has a hw change on its Wifi. The disassembly showed it to be a BT+Wifi single chip design. Presumably its just a host driver/fw issue that will get resolved soon.
H.
Actually, this problem has existed for over a year, albeit with other Apple products. Many MacBook Pros running Leopard cannot connect through D-Link routers using WPA.
I know: I have one of these machines. In my house we have two iPhones (1st gen) and one MacBook Pro (Tiger) which connect just fine through my D-Link. But the MacBook Pro running Leopard cannot. (It can, however, connect just fine to an Airport device using WPA.)
I don't think it's a D-Link bug. Or else why would everything else under the sun work just fine, including all the guest machines who come over and log in? And it's not a general wireless issue, because the buggy Leopard machine connects through lots of other wireless routers.
I googled this a while back and there are a few other folks who have experienced this. No relief via any Leopard updates, either.
Is this one of those "if a tree falls in the forest would it make a sound" questions?
Has Apple ever acknowledged minor bugs, let alone major bugs or security vulnerabilities? No, they just silently fix them in the coming software updates. And I do mean silently, since they don't seem to release public changelogs either.
They don't pretend they're not issues, they just don't disclose them or "acknowledge" them, especially on their support forums which are community discussions. In the case of security vulnerabilities, I wish they would disclose some problems, but the simple fact is that they don't, and that's how it's always been.
Furthermore, for the record, I have no problems at all with 2.1, and the improvements were very welcome. Also, you certainly can roll back to previous versions. In iTunes you can select the firmware to "restore" to, so your last statement is just misinformation.
This author takes full ownership and responsibility for the unpopular opinions outlined above.
Sniffing the AP's traffic. That admittedly requires the AP to actually be used every now and then, but I wouldn't want to "secure" my wifi by not using it...
Zune - It takes Apple engineers to make it look good.
I know the WiFi is a latent 'me too' feature of the iPod, but holy crap Apple, between this and your handling of 3G you are starting to make your engineers look really stupid.
(PS This is news worthy, as I know a few people that have been waiting for this device and turning off WPA is probably not going to be an option for them at home, let alone at work where is mandatory.)
Some major points against your solution (I'm the AC you've responded to)
Proposed solution: not broadcasting SSID
Verdict:
a. anyone with entry level IT knowledge will be able to detect and connect to non-SSID-broadcasting APs. I don't want anyone to connect to my AP unauthorized. If everyone would be fair and could be trusted to not upload illegal material or download oodles of torrents, that would be fine, but in our current world, no.
b. anyone with mid to high level IT knowledge will be able to eavesdrop on any cleartext going over the air. I don't want anyone to listen to my connection, no matter I look for cookie recipes or make stock trade orders. There are several housemates on my WLAN with less than entry-level IT knowledge and it's my responsibility to protect them.
Proposed solution 2: restrict MAC entries.
Verdict:
a. I don't have enough time to actively administer my AP, so every housemate and their guest can use the net. SSID and password are pinned on the fridge, everyone who is trustworthy enough to enter our apartment is considered trustworthy enough to access our network until proven otherwise. With 5 roommates and several guests a month, everything else would be like a second job.
b. MACs can be spoofed. This may require mid-high-level IT knowledge, but I don't want anyone unauthorized on my net. See above entries: IT-un-savvy roommates, friends and guests need protection.
Conclusion: proposed solutions would be unworkable given my time constraints and requirements ("You can access my net IF you are able to access my apartment AND you don't bother me").
Personal opinion: redesigning network policies because of a single misbehaving or incompatible device is a waste of time.
You may be focusing specifically on OS updates, but Apple's security updates usually have a itemized description of each bug, including shout-outs to the people who reported them. You can usually get to it by following links from the description in Software Update, and you could probably find it via the website if you cared to.
In general, I think we're seeing a demographic disconnect with a lot of the comments here. To use the ever-popular car analogy, the overwhelming majority of car users just want their car to be a reliable form of transportation that "just works". Same with computers. We here are from a demographic that ranges from button-pushers to tinkerers to professional mechanics who could build a car from scratch, and our concerns are different than 95% of Windows/Apple users. Technical detail is our lifeblood, that's why we come here, but we don't expect it in the mass media any more than we expect our politicians to live up to the moral values they try to impose on the rest of us.
If WPA is broken on the new Touch (and it sounds like it is), then that's one stupid effing bug. I was thinking of getting one so I could play with programming a touch/gesture interface on what appears to be a very nice portable media display, but that's a show-stopper.
Proposed solution: lock down MAC access lists to prevent unauthorized access because encryption is reducing maximum net bandwidth between AP and client.
Verdict:
a. full protection against sniffing, eavesdropping and cracking attempts is needed all the time while maximum throughput is not. I don't know about the net effect on bandwidth but the speed limit is usually between AP and ISP for anything but demanding intranet file transfers. The considered maximum use case is less than three machines watching HD-video streams simultaneously from the inhouse file server. WPA2 is able to deliver this with a healthy margin.
b. There are users on my net with entry-level IT knowledge. It is absolutely unrealistic to assume they can be trained to use SSL when needed, let alone comprehend PGP or VPNs. Although this may be considered standard procedures by some, they are clearly not, within the general internet population. I don't want to undertake large educational projects, but make the best efforts to secure my part of the transit line. WPA2 can deliver this, as it is part of all recent OS'es and requires no special knowledge other than SSID and PASS.
c. VPNs could be argued to be standard procedures, too, given recent OS'es, but require more training or support that I'm able to give. Also, I don't want to implement numerous test cases to ensure that a VPN-ed setup does not allow for out-of-tunnel connections, which at least Windows will try to do under some circumstances (VPN down but WIFI online).
d. routers may be cheap, but I am cheaper. Additional electricity consumption (+10W idle) and equipment purchases are not my style.
Conclusion: proposed solutions do not fit requirements, time and budget contraints.
Personal opinion: it is ironic to propose VPN encryption after explicitly stating that encryption generally limits available bandwidth. In this contect, proposing PGP-encrypted emails through an SSL-encrypted link to the email provider using a VPN-encrypted last mile access is pretty laughable. Purchasing 50 EUR worth of equipment that consumes 30 EUR worth of electricity per year, redesigning the local network and educate several users to offset for the shortcomings of one single device is perverse.
Spell Apple with the Euro symbol for the E.
Can't, reliably, unless you mean actually spelling out the three-letter currency sign as in "ApplEUR" or "AppGBPe". Due to past abuses of directional overrides, Slashdot is not configured to work well with code points U+0100 and above. Heck, I haven't even got Firefox 3 + Slashdot D2 to work reliably with U+00A0 through U+00FF.
Forget the Zune, what about XP? At least as of SP2, the ability to even connect to a WPA2 network (and maybe WPA as well) is provided by a non-critical hotfix that requires WGA authentication to download. Apple may not publicly acknowledge bugs, but at least they're not forcing you ensure you've got a Genuine® iPodâ before being allowed to get to a patch that adds functionality that was left out entirely to begin with.
This may have been addressed in SP3; I have no idea - there are no XP SP3 systems on my wireless network (3 Macs, 1 Vista, and 1 XP SP2 system from the office that's had the aforementioned patch applied).
Bugs happen. It sucks. But all programmers know this. Apple's way of dealing with them certainly rubs the fur of Slashdot's FOSS crowd the wrong way, but nobody has forced any of us to buy their products. The 2.0.0 firmware was quite buggy, and the 2.0.1 and 2.0.2 updates addressed some of those bugs. Given some of the fairly major changes in 2.1 (mostly bugfixes almost as a service pack of sorts, but the iPod app got quite a few new features and interface tweaks if nothing else), you have to expect that 2.1.1 will address what's been introduced. There were a lot of network-related changes made in 2.1 to address dropped call issues in the iPhones, and as the software is mostly identical between the iPhone and iPod Touch, it's certainly likely that one of those changes introduced these bugs.
How are sites slashdotted when nobody reads TFAs?
From a quick RTFA the initial user has a DLink router.
FWIW, I bought a DLink wireless router a year or so back for my home network, don't recall the model, that would not do WPA2/TKIP with Windows (yeah, I know) Vista or XP, or my PSP. I'm an experienced network engineer, not a novice. It took a couple days fooling with it, several support emails, and then several hours on the phone with DLink before they finally said WPA was broke and to use WEP. IIRC Windoz was logging authentication errors.
The DLink got returned and replaced with a Netgear WGR614 that worked the first time, and still works today.