D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-880L => Topic started by: Drax on April 08, 2018, 08:17:36 AM
-
I recently had my Wi-Fi hacked, and realized that my router was set up to allow WPA connections. Since WPA has a known security flaw, I'd like to disable that and require WPA2.
Even the latest firmware version (1.08WW, Wed 24 Jan 2018) only has the options None, WEP (which is even more insecure than WPA), and "WPA/WPA2-Personal". Is there really no way to disable WPA? I'm hoping that I'm missing something, since otherwise I probably need to buy a new router. :-(
-
I don't think that just WPA2 is possible on this router. I wish there was an option to select 'WPA2 Only'.
Perhaps a future fireware version for the DIR-880L will become configurable for WPA2 Only.
Also, I think that WPA3 is in the works by the WiFi industry.
Mark
-
All current DIR routers support WPA and WPA2. D-Link for some reason chooses to use Auto for both WPA and WPA2 options. Not sure why they don't offer WPA2 Only. Maybe for backwards compatibility.
Would need to see if your devices or wifi was really hacked or compromised. Need more information. How did you determine your wireless was hacked? You sure it's WPA? What devices do you have that are using WPA?
I recently had my Wi-Fi hacked, and realized that my router was set up to allow WPA connections. Since WPA has a known security flaw, I'd like to disable that and require WPA2.
Even the latest firmware version (1.08WW, Wed 24 Jan 2018) only has the options None, WEP (which is even more insecure than WPA), and "WPA/WPA2-Personal". Is there really no way to disable WPA? I'm hoping that I'm missing something, since otherwise I probably need to buy a new router. :-(
-
The router when set to AUTO will default to WPA2 if the client supports it, if not it will go to WPA. WPA2 has security flaws also (KRACK). Make sure you have the latest firmware and the latest drivers for your wireless adapters and latest updates for iOS and Android.
-
FurryNutz -
Slow speeds led me to check traffic stats, and I saw that there was a high amount of traffic. I then looked at the list of client devices, and saw that there was a wireless client I didn't recognize. That's how I figured I got hacked.
What devices do I have using WPA? None. Which is why I'd prefer to disable it. Am I sure that the hacker was using WPA? No, because I couldn't see anywhere on the router where I could tell which encryption scheme a user was using.
While I know, as GreenBay42 pointed out, that WPA2 has security flaws as well, I'd still rather not make it trivially easy for someone to steal my Wi-Fi, which is the case with WPA enabled.
-
WPA2 will have the best chance to help with attackers. Some WPA2 flaws have been fixes and are now being deployed.
http://forums.dlink.com/index.php?topic=73661.0 (http://forums.dlink.com/index.php?topic=73661.0)
You should be aware of whom you give your PW too and make sure it's a good safe PW to use.
You can also monitor your router for issues as well:
http://forums.dlink.com/index.php?topic=73659.0 (http://forums.dlink.com/index.php?topic=73659.0)
Over all it's up to you to make sure your devices are WPA2 compliant as well. The router does use WPA2 when it detects devices that do support that mode.
Good Luck.
-
Is there likely to be a WW or USA build of the firmware sometime soon? That link you gave was for the EU 1.20 firmware, but the latest WW firmware I can find is 1.08.
-
The EU version should work (note it is BETA). I've messaged the security team for a release date for the US.
-
I and one other user who notified me about this version have loaded it on our routers. Seems to be fine.
I presume USA will post there's when it ready. You're safe to use the EU version.
Is there likely to be a WW or USA build of the firmware sometime soon? That link you gave was for the EU 1.20 firmware, but the latest WW firmware I can find is 1.08.
-
Thanks. I can't install the "middle" part of the EU 1.20 firmware (1_DIR-880L_RevA_MiddleFirmware110b01.bin). I just get a message that "Firmware Upgrade failed!" without any additional diagnostic information.
I'm currently on WW 1.08b6 (beta 2), which similarly required installing a middle firmware step. Is it safe for me to just go straight from that version to the new firmware (2_DIR-880L_RevA_Firmware120b01-01-i3se.bin)? If not, is there some way to force the middle step?
-
Skip the middle firmware.
-
What browser are you using? Use IE11 or FF, I don't recommend Chrome.
-
I'm using FF. I was able to install EU 1.20 by skipping the middle firmware as GreenBay42 recommended.
Thanks for all of your help, although I still wish there was a way to disable WPA and require WPA2 like on my old router. From my research, it looks like D-Link is literally the only major brand that doesn't provide this option. :'(
-
You'll be fine. If your devices all support WPA2, i wouldn't worry too much about it.
-
You and I believe 1 other user has asked for this so it is something we do not hear much about. I can send this to the security team to check if this is something they can add but sometimes may be a limitation from the vendor. I personally have not heard of any recent specific vulnerabilities of WPA. If you can post anything regarding this please do. Most recent issues have been WPA2 which are fixed/being addressed.
-
Maybe only two people have asked for it here for the DIR-880L, but a quick site search turns up people asking for it for other DIR series routers, such as:
http://forums.dlink.com/index.php?topic=72964.0
and
http://forums.dlink.com/index.php?topic=66000.0
Actually, in that first link, GreenBay42 said of the DIR-868L, "Hmm I know Rev A did have the WPA2 only option. Not sure why they took that out. Unfortunately this product was discontinued a few years ago so not sure if any new firmware will be released."
I don't know how integrated the codebases are for the different DIR routers, but this suggests that this is a feature that has already been implemented, and then removed for some (probably ill-considered) reason.
But I guess I'll just add it to my list of features that I have to double-check before buying my next router. I've recently looked at manuals for several other brands, and all of them include a WPA2-only mode, so this seems to be a limitation unique to D-Link. Yeah, I get that most people won't notice or care, so it's probably not anything that will ever rise to the attention of a product manager. But it's just one more example of how poor D-Link's firmware support is compared to everyone else -- for example, note that the latest released (i.e. not beta) DIR-880L firmware is over two years old.
-
I encourage you to go to http://support.dlink.com/ReportVulnerabilities.aspx (http://support.dlink.com/ReportVulnerabilities.aspx) and fill out the form. I will have a tech submit something to headquarters in Taiwan to see if this option can be added or explain why it is taken out. I will talk to the security team today.