Users Report Faulty WPA In 2nd-Gen IPod Touch 188
jesuscash writes "It seems early adopters of the new iPod Touch are out of luck when they bring it home and attempt to connect it to their WPA/WPA2 secured network. Reading this Apple forum thread shows that many tests with different configurations show a no-go on WPA. Some of the last entries give the best clue, revealing a 'received deauthentication' error in their router logs. Apple has yet to respond."
QC? (Score:4, Insightful)
Re: (Score:3, Interesting)
Maybe Steve's policy of not significantly increasing engineering staff is finally biting Apple in the ass. I know that when I use my Mac nowadays its hard to remember that I
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Advertising it "just works" means people will go out of their way to prove it doesn't.
Um, I have two words for you: No.
In my experience, Apple rarely gets it right, even when *I* go out of my way to make it work. For example, using the help feature. I tried to add a .flac track to iTunes, and it didn't work. Okay, so I need to check which file types are allowed on iTunes and iPods. So I use their help feature, and search for every possible combination of words that would call up that information, and every time got no results. Try it for yourself!
How the hell can you make a help feature
Re: (Score:2)
The media? Hard on Apple?! They've been giving them free advertising for the iPod and the iPhone for two years running.
Maybe, just maybe, the rampant fanboism is no longer able to paper over the fact that the emperor has no clothes?
Mart
Fat Steve/Skinny Steve (Score:2)
It's sort of the inverse of Fat Elvis/Skinny Elvis.
Things have really gone down the intertubes since Steve went all macrobiotic and emaciated on us. There seems to be a definite correlation between Steve's mass and Apple product quality.
Maybe it's time for Jobs to spend some "quality time" at Old Country Buffet.
Re:QC? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
But there are more people with no problems with Leopard than people with no problems with Vista.
How would you or anybody else know? The people with no problems don't bitch. The people who do bitch aren't necessarily even people with the product to have problems with. Noise on the internet != scientific statistical survey.
Re: (Score:2)
But there are more people with no problems with Leopard than people with no problems with Vista.
How would you or anybody else know? The people with no problems don't bitch. The people who do bitch aren't necessarily even people with the product to have problems with. Noise on the internet != scientific statistical survey.
Isn't it odd that you use this in defense of Microsoft in a discussion about an "article" that is nothing but a link to a bunch of people bitching about an Apple product? Ignoring that all people bitching seem to have D-Link routers?
Re: (Score:2)
Isn't it odd that you use this in defense of Microsoft in a discussion about an "article" that is nothing but a link to a bunch of people bitching about an Apple product?
Nope.
Wouldn't be weird if I said there were only 96 people in the world that are having this problem?
Re: (Score:3, Funny)
Re: (Score:2)
Step 28 ... (Score:4, Funny)
The Sony Syndrome (Score:2, Interesting)
Seems it's very hard to push stuff out quickly without getting into quality issues. Problem for Apple is that they depend even more than Microsoft on locking in their users. One bad experience, and people will take the pain to find an alternative, and then escape.
I love my Mac gadgets but the deal seems to be going wrong, and my next MP3 player and phone is going to have to be a lot more open.
Re: (Score:2, Interesting)
Re:The Sony Syndrome (Score:4, Insightful)
But WPA encryption is something huge!
Since WEP doesn't work this means that you can only connect to unsecured network. And I'm not going to remove encryption because Timmy with his iPod Touch wants to check his mails.
Re:The Sony Syndrome (Score:5, Insightful)
And I'm not going to remove encryption because Timmy with his iPod Touch wants to check his mails.
Unless "Timmy" is your clueless CEO and goes "Me got present from wife. Me want to check email"
Re: (Score:2)
I'd be surprised if your CEO has no blackberry.
On the other hand, if you and your CEO are unable to collectively decide that checking emails with the new toy is sooo not worth risking company secrets and the infrastructure change required by this, then you're either incompetent (if you can't explain the disadvantages in layman's terms so CEO understands) OR you are in a doomed company anyway (CEO that doesn't understand even the most basic tenets of security and confidentiality).
If your CEO successfully for
What "wired equivalent" means (Score:2)
Since WEP doesn't work
A 26-digit WEP key + MAC whitelist is better than nothing. Any cracker who gets in will have demonstrated intent to penetrate your network, possibly the same amount of intent as someone who finds and plugs into a wired Ethernet jack. That's why it's called "wired equivalent privacy".
Re: (Score:2)
Uhm, no?
WEP+MAC whitelisting is fake security. MACs can be spoofed easily, and WEP is broken.
And as for your comparison to wired Ethernet: when was the last time you saw wired Ethernet hooked up to a hub? Because that's what the equivalent of wireless is: broadcast traffic that anyone can read.
Mart
Don't try to outrun the tiger (Score:2)
MACs can be spoofed easily, and WEP is broken.
If a hungry tiger is chasing you and another explorer, you don't have to outrun the tiger, just the other explorer.
Some devices, such as the Nintendo DS handheld computer, will never be upgraded to work with WPA. If you have legacy devices on your network, the point isn't perfect security as much as "good enough" security. A wardriver confronted with SSID Foo with WEP + MAC whitelisting and SSID Baz with no access control at all will try to connect to Baz before Foo. True, a few minutes of logging WEP pa [theinquirer.net]
Re: (Score:2)
The needless "hurry" and pissing contest has hit both Microsoft and Apple, it is really hard to understand why they hurry.
It is not just iPod/iPhone... Look at Vista first edition, Leopard 10.5.0 and lately, iTunes 8 for Windows.
What do they have to prove? What would happen if Vista and Leopard was delayed for more testing? What is that hurry for?
No problems here... (Score:5, Interesting)
Mine works at two different locations that I set up.
Re:No problems here... (Score:4, Insightful)
And mine doesn't. Which is fun, because after it fails, you get to re-enter the entire 64 digit WPA key on the little keyboard, which would be much less annoying if the fuckers at Apple didn't place the numbers and letters on different keypads that you have to toggle between.
When I tried using WEP, the damned thing didn't work with a standard password, so I got to enter that in hex too. (That did work.)
So you'd think someone, somewhere, would realize a little "hex" keyboard would be a godsend when entering wireless keys if they're not going to allow copy-and-paste.
Or they could be REALLY smart and allow you to set the key from iTunes.
But in any case, it in fact does not actually work. So now we have several anecdotes, and therefore data, right?
Re: (Score:2)
Both my iPhone 3G and my original series iPod Touch have been working flawlessly with WPA, so the problem is apparently not in the core 2.1 OS...
Re: (Score:2)
Re: (Score:2)
Mac is soo great, it just wo
Problem seems to be with D-Link routers... (Score:5, Insightful)
Actually reading the linked thread (I know, I know..) the problem seems more linked to D-Link routers + iPod Touch, not iPod Touch can't do WPA. "Apple has yet to respond"? I don't see that anyone on that thread filled a bug report, how the hell do you expect them to respond unless you tell them???
Why the hell did this get promoted to the front page?
Re:Problem seems to be with D-Link routers... (Score:4, Interesting)
Why the hell did this get promoted to the front page?
We have personally confirmed the failing on three DLink models, and one Linksys model so far. Thread shows other Linksys models and Belkin models as well it appears.
http://discussions.apple.com/message.jspa?messageID=8066893#8066893 [apple.com]
Thats why it made the front page.
Re: (Score:3, Informative)
My roommate got a MacBook recently, and he couldn't connect to our D-Link router. The fix was to put his MAC address directly into the router's DHCP config.
Actually, this isn't the first time this has happened. It's occured with Thinkpads and Linksys cards, and my D-Link card. Doing the MAC address thing and assigning static IPs solved a lot of problems with this router.
Re: (Score:3, Insightful)
You do realize that if you replace "Slashdot" with pretty much any other group of humans this side of Cute Overload [cuteoverload.com] (who have their own problems), it would still work?
Re: (Score:2)
I think this attitude comes from the end of WWII where after seeing the evils that the Nazis did, with all the Germans just kinda letting it happen.
I think it's because people here use opinions to make themselves sound intelligent. "I wouldn't use the most popular product on the market. Instead, I'd use this one you've never heard of that's harder to use because it supports an obscure protocol that doesn't actually do me any good but the acronym sounds cool. Go back to your kiddie product."
Re: (Score:2)
Re: (Score:2)
does this constitute an occurrence of Godwin's law?
If it does constitute Godwin's law, and I think it does, all discussions on this topic must stop... Though since this is slashdot, that is unlikely to happen. ;-)
Re: (Score:2)
"As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one." -- Godwin There's nothing about stopping or any need for slashbaiting.
ISTR an extension of Godwin's law in "New Hacker's Dictionary" and the "Jargon File" that did say that:
Stop the presses! (Score:5, Funny)
Re: (Score:3, Insightful)
But this is from a closed-source company that had the arrogance to claim that its products 'just work'.
This is WPA, ffs. It's not rocket science to get this to work properly.
Apple has failed to test its product properly before releasing it. That is worthy of comment and condemnation.
Re: (Score:3, Funny)
I'll bet you a month's subscription to Slashdot that it works on Airports ...
They probably tested it with all the Airport's they could find in the building. What's your problem?
Re: (Score:2)
Because open-source companies have never claimed that it's products just work? I'm not making accusations or defending either side here, but would like to point out that Mozilla continues to deny the existence of memory leaks in Firefox, which I'd argue are no more or less rocket science to fix than implementing WPA.
And FWIW, I don't think I've once seen Apple, Inc. make the claim that it's products "just work". The myriad fanboys and evangelists do, certainly. My experience has been since my switch seve
WPA on the iphone/ipod was a joke anyway. (Score:5, Interesting)
A real geek has a long random key for WPA, and passes it around on a pen drive.
Except the time I brought a Touch home from work for a while.
Copy and paste? What do you mean, no copy and paste? One of the key "insanely great" f'ing innovations of the 1984 Macintosh, and it can't be done?
Shook my head at that one.
Re: (Score:2)
But a true geek has a 63 character randomly generated complex WPA Key.
But I agree with you there, its safer to have a complex password stored on a text file on your desktop labelled "WPA Key" then to have a short and easy to remember WPA Key because if they can read that file they've already gotten past your security (Although I'm certain that the file itself will be password protected, although my interfaces file is not).
Re: (Score:2)
In the case of the touch, you'd mail it to yourself, save it as a Text note, view it from a temporary webpage, or something similar.
Re: (Score:3, Insightful)
A real geek uses eap-tls
A real geek has a long random key for WPA, and passes it around on a pen drive.
A real hacker leaves the network open and uses openvpn to connect to his gateway.
So... Don't buy one (Score:3, Insightful)
Problem solved.
Get a linksys router then (Score:5, Informative)
new BRCM chip (Score:3, Interesting)
That new iPod touch has a hw change on its Wifi. The disassembly showed it to be a BT+Wifi single chip design. Presumably its just a host driver/fw issue that will get resolved soon.
H.
An old problem, resurfaced (Score:3, Interesting)
Actually, this problem has existed for over a year, albeit with other Apple products. Many MacBook Pros running Leopard cannot connect through D-Link routers using WPA.
I know: I have one of these machines. In my house we have two iPhones (1st gen) and one MacBook Pro (Tiger) which connect just fine through my D-Link. But the MacBook Pro running Leopard cannot. (It can, however, connect just fine to an Airport device using WPA.)
I don't think it's a D-Link bug. Or else why would everything else under the sun work just fine, including all the guest machines who come over and log in? And it's not a general wireless issue, because the buggy Leopard machine connects through lots of other wireless routers.
I googled this a while back and there are a few other folks who have experienced this. No relief via any Leopard updates, either.
Re: (Score:2, Informative)
I have a D-Link DIR-655 set up with WPA. I'm typing this comment on a MacBook Pro running Leopard. Never had a problem with this combo. Neither has my wife with her MacBook/Leopard.
Are you using 802.11n? Compatibility issues are rife with this protocol :-/
Re: (Score:2)
I have a D-Link draft 802.11n router, Leopard (latest version as of today), and a Macbook Pro and it connects just fine. The problem isn't just n+leopard+Intel macs. I do not, however, have an iPod touch of any kind, just an iPhone, and that works fine with my network.
We're already owed one update this month as it is (push is missing, ahem) so hopefully that one will contain a fix for the WPA problems.
I hate entering the key/password. (Score:2)
I was entering a key/password for a client's new iPod Touch (v1 firmware). I kept hitting the wrong buttons and keys (my fingers suck) and I don't know if I made typos (stupid asterisks). Horrible usability. I bet it was designed for open/unencrypted WAPs. It took me like five attempts and 15 minutes to get it to work!
Re: (Score:2)
You do realize firmware 2.0 upgrade shows you the last key you pressed on the password screen, right? This problem is gone as of July.
Re: (Score:2)
Ah. I am using v1 but the upgrade isn't free. :( Funny how my client just bought iPod Touch two days ago! Even new ones aren't free to upgrade from what I read.
Re: (Score:2)
It is if you already have 2.0, not if you don't. (note: I am one of the people who thinks that the SOX explanation for the charges doesn't ring true, but the charge is there nevertheless).
Zune - Engineers - Apple Software is bad... (Score:3, Funny)
Zune - It takes Apple engineers to make it look good.
I know the WiFi is a latent 'me too' feature of the iPod, but holy crap Apple, between this and your handling of 3G you are starting to make your engineers look really stupid.
(PS This is news worthy, as I know a few people that have been waiting for this device and turning off WPA is probably not going to be an option for them at home, let alone at work where is mandatory.)
Interesting (Score:2)
My mom's airbook gets the same problem. It deauthenticates every like 5 minutes while she is using it.
Might be partially a DLink problem (Score:2, Interesting)
From a quick RTFA the initial user has a DLink router.
FWIW, I bought a DLink wireless router a year or so back for my home network, don't recall the model, that would not do WPA2/TKIP with Windows (yeah, I know) Vista or XP, or my PSP. I'm an experienced network engineer, not a novice. It took a couple days fooling with it, several support emails, and then several hours on the phone with DLink before they finally said WPA was broke and to use WEP. IIRC Windoz was logging authentication errors.
The DLink g
My son is having a similar problem with his.... (Score:2)
Apple doing a LOT of shoddy work lately (Score:2)
Apple seems to be doing a lot of pretty shoddy development and testing lately. The iPhone 3G had many, many well documented problems, the iTunes 8.0 update crashed Vista and now this. How can anyone release a WiFi product without testing WPA/WPA2? Amazing. Clearly they care more about glitz and PR than product quality.
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Insightful)
To use the ever-present car analogy, it would be like one of a car's most advertised features only working if you removed all the locks, and then complaining that somebody covered it by saying "A single bug is worthy of coverage? Can I get a WTF?!".
Re: (Score:2, Informative)
To use the ever-present car analogy, it would be like one of a car's most advertised features only working if you removed all the locks
Re: (Score:2, Insightful)
Last time *I* checked, having unencrypted Wi-fi *does* renders Wi-fi completely useless. Useless as in having unknown people downloading terabytes of crap over your pipes in the dozens.
So yes, having no Wi-fi connection doesn't render an iPod completely useless, but it sure takes away most of the fun.
And no, I will not switch my Wi-fi over to unencrypted or laughable WEP. Not because of a single bugged device and not because anything else. Living near the city centre with 100 households or more within my Wi
Re: (Score:2)
You know, you could just lock down the list of mac addresses that are cleared to access the WAP...
Cuts down the traffic quite a bit, I imagine. Also, you could just not broadcast the SID...
Re: (Score:2)
Huh... that's what i thought everyone did....
Encryption slows everything down, so your already limited bandwidth over WiFI is cut even more...
then add multiple machines sharing that over encrypted channels...
Really if you need an encrypted channel your best bet is to set up a VPN to where you want to go securely.
Websites that need secure channels already do so with SSL, email can be done with PGP... then there's SSH and again VPNs.
If you just have to have an encrypted WiFI network available, routers are che
Re: (Score:3, Insightful)
Proposed solution: lock down MAC access lists to prevent unauthorized access because encryption is reducing maximum net bandwidth between AP and client.
Verdict:
a. full protection against sniffing, eavesdropping and cracking attempts is needed all the time while maximum throughput is not. I don't know about the net effect on bandwidth but the speed limit is usually between AP and ISP for anything but demanding intranet file transfers. The considered maximum use case is less than three machines watching HD-vi
How well does webmail work with PGP? (Score:2)
Websites that need secure channels already do so with SSL, email can be done with PGP
Unless your e-mail buddies don't know how to hook up PGP support in their e-mail clients, or they use webmail and don't have access to Firefox with Greasemonkey [langenhoven.com].
Re: (Score:3, Informative)
Some major points against your solution (I'm the AC you've responded to)
Proposed solution: not broadcasting SSID
Verdict:
a. anyone with entry level IT knowledge will be able to detect and connect to non-SSID-broadcasting APs. I don't want anyone to connect to my AP unauthorized. If everyone would be fair and could be trusted to not upload illegal material or download oodles of torrents, that would be fine, but in our current world, no.
b. anyone with mid to high level IT knowledge will be able to eavesdrop on
Re: (Score:2)
That won't do anything. On my laptop Vista shows non-broadcast networks and marks them as "Unnamed network". This was it's default setting; I didn't do anything to turn this mode on... I don't think it'd be that hard to find out what the SSID is either.
Re: (Score:2)
How do you find a MAC address that works?
Re: (Score:2, Informative)
Re: (Score:2)
Yeah, but if you're living in the city center where there are 100+ households within range of the AP as the original poster is, chances are that at least one of them has a WiFi AP with lower security settings. Unless the hacker is specifically targeting YOU or YOUR data rather than wanting either to just play around or get online, it's more than enough. And if they're just playing around, having the extra security may make you MORE of a target since you'd be the biggest challenge.
Re: (Score:2)
If I have your mac, I can de-auth you. When that happens, I see you reauth. I do this enough times, I can brute your key out of those auth exchanges.
Granted, you need to be using a stupid key to make that worthwhile, but WPA itself is not perfect.
Re: (Score:2)
Yes, people who were willing to break encryption or spoof MACs can get in. But most people wouldn't, which eliminates 99% of the purported problem, and the people that would are demonstrably breaking the law while standing within ~200 feet of you, which should be it reasonably easy to go stop them.
Intent (Score:2)
I would assume that almost everybody capable of cracking WEP also knows how to spoof a MAC adress
Remember that if you and someone else are running away from a tiger, you don't have to outrun the tiger. Likewise, if you use WEP + MAC whitelisting on your AP, someone will hit the open APs long before yours. So I would assume that almost everybody who actually does crack WEP does so with the same level of intent [wikipedia.org] as someone who enters your premises and connects to a wired Ethernet jack, and if you can catch the crook, you can haul his behind to small claims court.
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Funny)
If you can't get WPA or WPA2, then I think your chances of getting a WTF are close to zero.
Re: (Score:2, Insightful)
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Insightful)
Re: (Score:2, Funny)
I'll probably get modded down for this, but there seems to have been a stream of negative Apple/iPod Touch articles lately
It's actually a subtle counter to Engadget's "We compare the iPhone to a plasma TV and find out which is better" articles.
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Insightful)
Wipe the apple fanboi drivel from your chin, the ipod touch is getting slammed recently because apple have introduced a number of bugs for it with their awful 2.1 update. I suggest you check their forums to see just how many problems have occurred since this rubbish `upgrade'. You'll note apple has not acknowledged a single one. Playing the microsoft game of pretending there are no issues. They also prevent you from rolling back to a previous version. So it is tough-shit if you upgraded.
Re: (Score:3, Interesting)
They don't pretend they're not issues, they just don't disclose them or "acknowledge" them, especially on their support forums which are community discussions. In the case of security vulnerabilities, I wish they would disclose some problems, but the simple fact is that
Re: (Score:2, Interesting)
You may be focusing specifically on OS updates, but Apple's security updates usually have a itemized description of each bug, including shout-outs to the people who reported them. You can usually get to it by following links from the description in Software Update, and you could probably find it via the website if you cared to.
In general, I think we're seeing a demographic disconnect with a lot of the comments here. To use the ever-popular car analogy, the overwhelming majority of car users just want thei
Re: (Score:2)
That silent fix procedure is one of the main reason we will probably see any Linux distro faster in the general business populace than software or hardware from Apple Inc.
It's hard enough to maintain a heterogenous client-server environment when all relevant vendors offer full changelogs for each update and hotfix. More often than not, they still affect areas and functions they didn't even touch.
Just imagine maintaining a network full of hard and software with updates for which only God and Steve Jobs know
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Insightful)
this just stinks of the same quality as the occasional "MS did something not noteworthy, but we can spin it to be negative"
Broken WPA is pretty bad. I mean this is a product that has supposedly finished testing and gone to market, and a basic network security/authentication feature isn't working. This is definitely news.
As for your comparison with Microsoft, consider what you would be saying if this had happened with the Zune.
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Funny)
Is this one of those "if a tree falls in the forest would it make a sound" questions?
Re: (Score:2)
Re: (Score:3, Interesting)
Forget the Zune, what about XP? At least as of SP2, the ability to even connect to a WPA2 network (and maybe WPA as well) is provided by a non-critical hotfix that requires WGA authentication to download. Apple may not publicly acknowledge bugs, but at least they're not forcing you ensure you've got a Genuine® iPodâ before being allowed to get to a patch that adds functionality that was left out entirely to begin with.
This may have been addressed in SP3; I have no idea - there are no XP SP
Re: (Score:2)
is provided by a non-critical hotfix that requires WGA authentication to download
So you have to prove that you paid for the software license before using it? Don't get me wrong, I don't like DRM, but I don't like people who share and use things that they haven't paid for, either. In my experience, Microsoft's product authentication has been pretty damn painless, but this really is beside the point.
We're talking about a WPA implementation that doesn't work properly. That has nothing to do with WGA (on a side note, if you don't like Windows or don't want to pay for it, just use an altern
Re: (Score:2)
His point is that you have to connect to Microsoft and send them your licensing information in order to download a patch which THEN makes your connection secure.
And that makes more sense? Without WGA, you'd still have to connect to download the update. Or here's an idea: you could connect using an Ethernet cable, or enable a white list on your wireless router, if you deem it such a security concern!
And anyway, that's not his point, is it?
Apple may not publicly acknowledge bugs, but at least they're not forcing you ensure you've got a Genuine iPod before being allowed to get to a patch that adds functionality that was left out entirely to begin with.
His "point" is about license validation, not security, and is pretty absurd when you consider that he'd rather have his OS creator not acknowledge bugs than require clients to provide license authentication before they receive upd
Re: (Score:2)
Who said anything about my preferen
Re: (Score:2)
Broken WPA is depressingly common. We use 'enterprise' WPA (i.e. where you have a user id and password - PEAP + MSCHAPv2). Windows XP works fine with this (although it's a 19 step process to configure with XP's supplicant). WinCE and Windows Mobile 6 devices need a third party supplicant to work at all even though the authentication protocol was designed by Microsoft! (OS X and Ubuntu just work, on the other hand).
Re:Single apple ipod touch bug slashdot worthy? (Score:5, Insightful)
wpa 1/2 has been supported by other consumer facing products for several years. Apple is supposed to be about high quality devices that we are happy to pay a premium for. Security is a big deal these days. For Apple to release a product with such a key feature horribly broken is - horrible; this is not a made-up complaint.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Cool, a soon as there's an "open" device that supports all the features, I'm in.
Where did I put my DIY chip foundry.....
Character encoding (5:erocS) (Score:3, Informative)
Spell Apple with the Euro symbol for the E.
Can't, reliably, unless you mean actually spelling out the three-letter currency sign as in "ApplEUR" or "AppGBPe". Due to past abuses of directional overrides [slashdot.org], Slashdot is not configured to work well with code points U+0100 and above. Heck, I haven't even got Firefox 3 + Slashdot D2 to work reliably with U+00A0 through U+00FF.
Re: (Score:2)
Re: (Score:2)
Appl€
So it appears Appl€ (A p p l & e u r o ;) works, and so does App£e (A p p & p o u n d ; e). Thank you.
Re: (Score:2)
Ok, first you pretend that WEP offers any actual security, and then you show that you don't get HTML entities: € works just fine. Turn in your geek card, please?