Security and Breaking Old Stuff

I recently replaced our home wireless network with an eero mesh. I wanted to get something that worked better than the old configuration, and I wanted to replace the old network without anyone else in the house noticing. So I wanted to have no changes of network names, passwords, or configurations. I figured I should be able to take down the old network, put up the new network, and be done. As long as I was the only person in the house at the time I did the work, no-one else would know.

It was a very easy process, and I congratulate eero on packaging the technology so well. The final result was definitely an improvement in coverage: for example, my wife is now happily using WiFi on a porch that didn’t have service before. However, I didn’t quite achieve the goal of a seamless transition. In particular, my wireless printer stopped working.

A little investigation revealed that this was a feature not a bug (as programmers love to say). The eero website acknowledges that they only implement the latest and greatest WiFi security technology. Since my printer doesn’t implement that same mechanism, the eero devices refuse to let it on the network.

The eero website casts this difficult situation as a noble choice: they care so much about my security, they are unwilling to let weak protocols and insecure devices on the network. I think that’s a defensible position, but I bet it’s not as straightforward as they make it sound.

For one thing, I suspect that this decision was partly informed by a desire to reduce costs of eero software development. I’ve worked in startups, and I am familiar with both the need to set priorities and the need to make a virtue out of necessity. If eero were to support my printer’s older protocol, that would cost additional resources to write and test the additional software required on eero’s devices.

A subtler issue is that the threat model for eero devices would also become more complicated. That is, the eero developers would have to be concerned not only with constructing the older mechanism for talking to my printer – they would also have to be concerned about the ways in which that mechanism might be subverted, and whether that could lead to new avenues of attack on the eero device itself.

So I don’t blame the eero folks for deciding that this bundle of costs and headaches was too much trouble. After all, even if I can’t use the wireless connectivity of the printer any more, I can still use a wired connection between the printer and an eero device. Even though I don’t currently have an eero next to the printer, it’s not hard to move one there. Effectively, the eero system has enough flexibility in its internal communications to make up for its annoying inflexibility in its external communications.

Still, part of me wishes that eero had implemented the older protocol, perhaps as an optional feature that I could enable after acknowledging many warnings like “Are you sure you want to make your network insecure?” It would have allowed me to achieve my goal of a completely seamless transition.

However, I also recognize that the tiny number of cases like mine – where an expert is trying to achieve a more graceful transition – would be dwarfed by the number of situations where people would inadvertently make their whole network a magnet for trouble. So although I think that the eero folks are perhaps “spinning” their design in a way that selectively highlights selfless motives while suppressing selfish ones, on balance I guess they made the right choice.

Leave a Comment