You’re Never Going To Get The WiFi Speeds That Are Printed On The Box That Your Router Came In…. Here’s Why
Posted in Commentary with tags WiFi on April 15, 2023 by itnerd
One of the most common types of calls and emails that I get is from someone who has gone out and spent a pile of money on a supposedly fast WiFi router, and isn’t getting the WiFi speeds that the box says they should be getting. So they figure that they need the help of someone like me to figure out why, because they think that they did something wrong when setting it up.
The good news is that in most cases, the person who emailed or called me most likely did nothing wrong. The bad news is that they’re never going to get the WiFi speeds that the box the router came in says they should be getting. Ever.
At this point you’re likely saying “WTF? Seriously?” And the answer to that is “Yes. Seriously.” The thing to remember is that the speeds advertised on the box that your WiFi router came in are theoretical maximums, most likely derived under ideal conditions. As in inside a lab with no other WiFi networks within miles. The thing is that 99% of us don’t live in ideal conditions. Which means that 99% of us have WiFi networks competing with other WiFi networks. That alone means that you will take a speed hit regardless of how fast your WiFi router is. Then there’s your WiFi network having to deal with anything from cordless phones, baby monitors, walls and the like. That’s going to be another hit to your speed as well.
So why does all of that result in you taking a speed hit over WiFi? Well, everything that I mentioned above is a form of interference. And the way a WiFi router deals with interference is to negotiate a slower speed between itself and the client device, say your smartphone or laptop. Because pushing less data can make a wireless connection a lot more stable. And stability matters more than speed when it comes to WiFi routers.
Now if that’s not enough, there’s also the fact that the further you get away from your WiFi router, the slower your speed will get. That’s called path loss. And that path loss gets magnified depending on the WiFi band that’s in play. Specifically:
The 2.4 GHz band can go the furthest, but it is the slowest band in terms of speed. So you will get better stability the further you go from the router. But you won’t be setting any WiFi speed records. And that speed will start to drop the further out you go.
The 5 GHz band has a shorter range relative to 2.4 GHz signals, but it is faster than the 2.4 GHz band. So you’ll get better speeds, but your speed will fall quickly the further away from the router you get. And that speed will fall at a faster rate than on the 2.4 GHz band.
Finally, the new and cool 6 GHz band is super fast, but has the shortest range of all of the bands mentioned here. Which means that you need to be in decent proximity to the router to get the gigabit or above speeds that this band is capable of. Or put another way, your speed will fall off even faster than on the 5 GHz band.
The next thing that affects your speed is the fact that the devices that you are using might not support the same number of transmit and receive streams that the router does. Here’s an example. I have an ASUS ZenWifi AX (XT8) mesh router. And it has the following transmit and receive streams per band:
2.4GHz 2×2: meaning 2 transmit and 2 receive streams, with a maximum speed of up to 574 Mbps
5GHz-1 2×2: meaning 2 transmit and 2 receive streams, with a maximum speed of up to 1201 Mbps
5GHz-2 4×4: meaning 4 transmit and 4 receive streams, with a maximum speed of up to 4804 Mbps
Here’s why this matters to you. If you, for example, try to connect to the second 5GHz WiFi band with an iPhone 14 Pro, which according to Apple’s specs is a 2×2 device, meaning it has two transmit and two receive streams, you will get less than half (if you’re lucky) of the 4804 Mbps speed, as that band has four transmit and four receive streams. Meaning that your device is the bottleneck in terms of maximizing the speed that you could get.
Next up is the channel width. Here’s what pretty much every WiFi router has to play with in terms of channel width:
20 MHz
40 MHz
80 MHz
160 MHz
The bigger the number, the more space the router has to push data through. And that means faster speeds for your devices. So the ideal situation is if you can use 160 MHz for everything. But here’s the problem with that. Actually, there are two problems:
Your devices will likely not be able to leverage 160 MHz channel width at all, meaning that those devices can’t take advantage of that potential speed that it offers.
160 MHz is way more vulnerable to interference, making it next to unusable in a lot of use cases. In fact, when I investigate WiFi issues for a client, this is almost always the first thing that I check. And if I do find that the router is using 160 MHz, I set it back to 80 MHz and have the client try it. Their problems usually go away at this point.
And all of that assumes that 160 MHz is even available in your country. I say that because in some countries it isn’t available because it interferes with things like aircraft radar.
Sidebar: If you really want to go down the rabbit hole on this, click here for a really detailed discussion on this topic.
The final thing is how router companies advertise speed. And by extension, what’s printed on the box of the router that you’re interested in. Router companies promise insane speed numbers such as a maximum of 5400 Mbps of WiFi speed. The dirty little secret is that what they’re actually advertising is the maximum theoretical speed of all the bands added together, which is not how WiFi works, as you’re typically connecting to a single band at a time. Let’s look at a real world example of this. On the TP-Link webpage for the Archer WiFi 6E router that I recently reviewed, that 5400 Mbps figure comes from adding up the per-band maximums listed on the spec page.
The math gets them to 5378 Mbps, and I am guessing that it got rounded up to 5400 Mbps by some marketing human because 5400 Mbps sounds better. But the problem with that is that this is completely misleading for the consumer and leaves them with the impression that they should be getting faster WiFi speeds than they will actually get. I honestly wish that router companies would stop doing this as they are doing a great disservice to the consumer by using these numbers.
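As an added example (not from the original post), here is a small Python model of the two calculations above: the sum-of-bands number that goes on the box, and the ceiling one client can actually negotiate on one band, limited by the lesser of the router’s and the client’s stream counts and channel widths. It assumes 802.11ax per-stream rates at MCS 11 with a 0.8 µs guard interval, the channel widths implied by the per-band numbers quoted above (40 MHz for the 2.4 GHz band, 80 MHz for the 2×2 5 GHz band, 160 MHz for the 4×4 band), and a 574/2402/2402 Mbps per-band split for the TP-Link router, which is my assumption that reproduces the 5378 Mbps figure.

```python
"""Added example: 802.11ax (WiFi 6/6E) link-rate ceilings as a function of
spatial streams and channel width, to separate the number printed on the
router's box from what one client can actually negotiate on one band."""

# Per-stream PHY rate in Mbps for 802.11ax at its top modulation (MCS 11,
# 1024-QAM, 0.8 us guard interval).  These are the standard's theoretical
# maximums, i.e. the "lab" numbers, never what you measure through a concrete
# wall with 30 to 40 neighbouring networks on the air.
PER_STREAM_MBPS = {20: 143.4, 40: 286.8, 80: 600.5, 160: 1201.0}

# (spatial streams, channel width in MHz) per band.  Widths are inferred from
# the per-band maximums the post quotes (574, 1201 and 4804 Mbps).
XT8_BANDS = [(2, 40), (2, 80), (4, 160)]          # ASUS ZenWiFi AX (XT8)
ARCHER_6E_BANDS = [(2, 40), (2, 160), (2, 160)]   # assumed 574/2402/2402 split


def phy_rate(streams: int, width_mhz: int) -> int:
    """Theoretical maximum link rate for a stream count and channel width."""
    if width_mhz not in PER_STREAM_MBPS:
        raise ValueError(f"unsupported channel width: {width_mhz} MHz")
    if streams < 1:
        raise ValueError("need at least one spatial stream")
    return round(streams * PER_STREAM_MBPS[width_mhz])


def box_number(bands: list[tuple[int, int]]) -> int:
    """The marketing figure: every band's maximum added together, even though
    a client only ever talks to one band at a time."""
    return sum(phy_rate(streams, width) for streams, width in bands)


def client_ceiling(band: tuple[int, int], client: tuple[int, int]) -> int:
    """Best case for one client on one band.  The lesser stream count and the
    lesser channel width win; interference then negotiates down from here."""
    streams = min(band[0], client[0])
    width = min(band[1], client[1])
    return phy_rate(streams, width)


if __name__ == "__main__":
    print(f"XT8 bands added together:       {box_number(XT8_BANDS)} Mbps")
    print(f"Archer 6E bands added together: {box_number(ARCHER_6E_BANDS)} Mbps"
          "  (rounds up to the 5400 on the box)")

    # A 2x2 client on the XT8's 4x4 160 MHz band: half the band's 4804 Mbps
    # at best, and 1201 Mbps once the router is dropped back to 80 MHz.
    phone = (2, 160)
    print(f"2x2 client on 4x4/160 MHz band: {client_ceiling((4, 160), phone)} Mbps")
    print(f"same, router set to 80 MHz:     {client_ceiling((4, 80), phone)} Mbps")
    # A 2x2 client on the 2x2 80 MHz band tops out at 1201 Mbps, the ~1200 Mbps
    # the post's MacBook Pro associates at.
    print(f"2x2 client on 2x2/80 MHz band:  {client_ceiling((2, 80), phone)} Mbps")
```

Swap in your own router’s per-band stream counts and widths to see how far the box number is from the single-band ceiling your devices can reach before interference takes its cut.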
That’s a lot to take in. But let’s cut to what you might expect to see in the real world. And to illustrate that, I will use my own environment. As mentioned above, I use the ASUS ZenWifi AX (XT8) mesh router, which is a pair of nodes that each have a 2.4 GHz band and two 5 GHz bands. I use the second 5GHz band for my wireless backhaul, as that’s the faster of the two based on the fact that it has four transmit streams and four receive streams, which should give me a maximum speed of 4804 Mbps. That means that by diving into my router’s configuration web page, I can figure out very easily if I am getting anywhere near the 4804 Mbps that ASUS claims that I can get. Here’s what I am actually getting:
So this isn’t anywhere near the 4804 Mbps that I should be getting, which is not a surprise to me as I have to compete against 30 to 40 WiFi networks that are around me at any time which is sure to cause WiFi speeds to nosedive. There’s also the fact that the two nodes are about 20 feet apart with a concrete wall in between them which doesn’t help in terms of getting a fast connection. The bottom line is that this is the best maximum speed that the two nodes can do between each other.
But how about devices that connect to my network over WiFi? Here’s what my MacBook Pro gets in terms of the best possible speed that either of the nodes can provide:
Pro Tip: If you’re trying to figure out what you should get in terms of a maximum speed, which is what I am doing here, look at the speeds of the individual bands as provided by the router manufacturer, and compare them to the speed your computer connects to the router at. This article can help you with that.
Keep in mind that this was taken three feet away from one of my nodes. So on the surface, that seems good, as it is the best case scenario that I can get given the fact that the 5GHz band in question maxes out at that speed because of the two transmit and two receive streams that it has. But let’s do a speed test out to the Internet using my MacBook Pro and see what results we get:
I have a 1.5 Gbps down / 940 Mbps up (which actually runs 1.6 Gbps down / 1.05 Gbps up most of the time) Internet connection. And this was taken three feet away from the ASUS node that has the Bell Canada hardware plugged into it. So this may seem disappointing, but it actually isn’t. Ignoring the fact that the only truly accurate speed test is from the router itself or with a wired client plugged into the router, this is in line with other routers that I have tested in this environment. Meaning that the fact that my network has to deal with so many other WiFi networks means that this speed is lower than what I might get in a “cleaner” environment. It also means that while my MacBook Pro can in theory connect to WiFi at 1200 Mbps, in reality I am highly unlikely to see that speed.
Let’s say you do some similar testing, and you believe that your WiFi network is possibly underperforming. That’s when a call to a professional might be advised. If you have the data from your testing at hand, a professional should be able to draw some early conclusions before coming on site to confirm them. And that will help you to resolve whatever issue you have faster. But you should temper your expectations accordingly. You’re never going to get insanely fast speeds from your WiFi. You’re only going to get the speeds that your environment allows. And hopefully this article will help you to understand the various factors that influence the speeds that you get.
Posted in Commentary with tags TikTok on April 15, 2023 by itnerd
Well, things are about to get interesting. Montana has become the first state to ban the Chinese-owned social media app TikTok. It needs the governor’s signature. But if he does sign it into law, it will mean this on the surface:
The bill, SB 419, makes it illegal for app stores to give users the option to download the app and also illegal for the company to operate within the state.
The bill does not, however, make it illegal for people who already have TikTok to use the app. A previous version of the bill sought to force internet providers to block TikTok, but that language was later removed.
The measure would prohibit downloads of TikTok in the state and would fine any “entity” — an app store or TikTok — $10,000 per day for each time someone “is offered the ability” to access or download the app. There would not be penalties for users.
The ban would not take effect until January 2024 and would become void if Congress passes a national measure or if TikTok severs its connections with China.
So if you don’t forcibly remove TikTok from people’s phones, and you’re only going to go after Apple and Google, presumably with fines, if they allow the download of TikTok, how is this a ban precisely? I assume that it is easy enough for Google and Apple to keep people in Montana from downloading TikTok. But one has to assume that VPNs would quickly solve that problem. And sideloading the app on the Android side of the fence would be another way to get past this “ban”. The bottom line is that this law is pretty ineffective and it’s symbolic at best. This illustrates the fact that banning TikTok is going to be tricky. Assuming it’s even possible.
I don’t normally cover WhatsApp, but this announcement is important. WhatsApp has announced several new security features, one of which they are calling “Device Verification”, designed to combat account takeover (ATO) attacks.
“Device Verification” is intended to prevent malware from using stolen authentication keys to impersonate accounts. Attackers’ account-hijacking attempts will automatically be blocked by undetectable back-end checks using three new parameters:
A security token stored on the device,
A nonce used to identify if the client is connecting to retrieve a message from WhatsApp’s servers, and
An authentication challenge that will asynchronously ping the user’s device
Furthermore, “Account Protect” will act as a double-check when WhatsApp accounts are being linked to new devices, alerting users of unauthorized account transfer attempts.
Lastly, “Automatic Security Codes” is a new cryptographic security feature that uses key transparency and the Auditable Key Directory (AKD) to allow WhatsApp clients to validate user encryption keys automatically and to confirm if end-to-end encryption is enabled.
I have two comments on this. The first is from George McGregor, VP, Approov:
“The announcement of integration of device verification into WhatsApp provides a clear message to the industry about the dangers of stolen authentication keys being used by cloned and copied mobile apps.
“All mobile app developers should take steps to prevent keys being stolen and exploited and there are solutions which can make it easy to manage keys properly and implement device and app attestation at runtime.”
“It’s encouraging to see applications like WhatsApp and other application vendors implement protection features for the host device – not just their internal application. WhatsApp seems to realize that hijacked accounts are bad for their business, and they need to deal with ATO attacks targeting user devices.”
I for one hope that this move by Meta will be copied by others as that will make us all safer. The bottom line is that this is a great idea that is long overdue.
Posted in Commentary with tags Google on April 15, 2023 by itnerd
Google is reporting that weak passwords accounted for almost half of security breaches affecting Google Cloud customers. Google is seeing nation state actors finding success exploiting “weak identity verification practices”, according to Chris Porter, head of threat intelligence for Google Cloud. “The percentage that’s a software issue or a zero-day, you know, it’s not zero, but it goes down and down and down. That’s a trend we generally expect to continue,” Porter said.
Google reports that compromise of APIs to gain permissions into company systems is the second most common avenue of attack on their cloud systems and accounted for nearly one fifth of all reported incidents. They point out that ransomware attacks in the cloud, threatening to release stolen data, have become common events.
I have three comments on this. The first is from Willy Leichter, VP, Cyware:
“This report seems depressingly familiar, that our oldest security problems – poor password practices and leaked API credentials – lead to the majority of attacks. But we must move beyond our typical response – trying to train and cajole end-users to be more careful. We need to assume that users will be careless, design better defense-in-depth, and leverage the explosion of AI tools to detect poor security practices, and advanced attacks that will always find weak points to exploit.”
The next is from Roy Akerman, Co-Founder & CEO, Rezonate:
“This confirms the same exact information we have seen for the past decade. Identity was and remains the biggest risk, and the true “zero-day” that organizations must address with priority. Current identity security approaches are fragmented across many tools and teams and do not fit today’s reality of a constantly changing infrastructure. Identity security hasn’t evolved for the past decade for the purpose of detecting identity exploitation. We were too busy managing and allowing access vs monitoring and detecting unauthorized access behaviors and a true end-to-end view across all stages of the identity lifecycle.”
The final comment is from George McGregor, VP, Approov:
“The combination of weak passwords and careless API key management is a dangerous cocktail which opens up APIs as an attack surface for hackers. Better discipline in general is of course important, but developers should also put in place runtime solutions to prevent stolen keys being exploited. This can be done effectively by using app and device attestation combined with secret management solutions which allow keys to be rotated immediately if compromised or changed.”
This is depressing, and hopefully this report from Google serves as a wake-up call to do better on the security front. Because we live in a time where not doing better will end badly more often than not.
Posted in Commentary with tags Uptycs on April 15, 2023 by itnerd
Following the recent MacStealer discovery, the Uptycs threat research team uncovered a new strain of malware, dubbed Zaraza bot, which targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors.
Specifically, Zaraza bot steals login credentials from 38 web browsers including Google Chrome, Microsoft Edge, Opera, AVG Browser, Brave, and Yandex.
The newly uncovered attack campaign uses infostealer malware. This browser stealer exfiltrates sensitive information such as login credentials for websites like bank accounts, cryptocurrency wallets, email accounts, and web pages. Attackers then use this stolen data for malicious purposes, namely identity theft, financial fraud, and unauthorized access to personal and business accounts.
Additional details can be found in a blog post that was released yesterday.