The Weak Security and Privacy Warning on iOS 14 or iOS 15
Issue Description/Phenomenon:
Since the iOS 14 update (https://support.apple.com/en-us/HT211808), Apple has made major changes to security on iOS devices. New privacy features improve user transparency and control over how apps access your location, photos, microphone, and camera.
After updating, you may sometimes see a "Privacy Warning" or "Weak Security" message on your Wi-Fi network.
Apple considers the following security modes insecure, so when an iOS device detects that your router uses any of them, the Weak Security warning appears (https://support.apple.com/en-us/HT202068):
- WPA/WPA2 mixed modes
- WPA Personal
- WEP, including WEP Open, WEP Shared, WEP Transitional Security Network, or Dynamic WEP (WEP with 802.1X)
- TKIP, including any security setting with TKIP in the name
Solution:
Change your router security to be one of the following:
WPA3 Personal; WPA2/WPA3 Transitional or WPA2 Personal (AES)
Currently, all TP-Link routers support changing the wireless security type. Please also update to the latest firmware to improve your security.
Note: For the Archer C60 V2, please contact support.
1. For TP-Link Router
Please log in to your Router’s web interface, referring to How do I log into the web-based Utility (Management Page) of TP-Link wireless router?
On the web interface, go to Advanced -> Wireless -> Wireless Settings, change the security type to WPA2-PSK, and click the Save button to finish the setting.
Archer Series (take Archer C9 as an example):
WiFi6 Series (take AX 1500 as an example):
TL-WR841N and Archer C50, C55:
2. For Deco Series
Deco models allow you to change the wireless security type in the Deco app. If you do not see this feature, please update the Deco app and the Deco’s firmware to the latest version.
NOTE: For the Deco M9 Plus with 1.2.12 or earlier firmware version, please refer to Method 3 in the link to update the firmware via the Upgrade Tool.
Take Deco M4 as an example.
You can go to the Deco app > More > Wi-Fi Settings > Security to change the wireless security type.
3. For Range Extenders
(1) It is recommended to change the encryption method of the front-end router or main AP to WPA2 + AES.
(2) Then upgrade the firmware of the Range Extender to the newest version from the official support page.
(3) Then reset and reconfigure the Range Extender after upgrading to the newest firmware. Set the SSID of the Range Extender to a new one for checking; configuring through the web page is recommended. After that, reboot the router and the Range Extender together.
4. For MiFi products
1) M7200 V2&V3, M7450 V2, M7650 V1.1:
The latest official firmware already sets AES as the default encryption. Please upgrade the firmware to the latest version; there is no need to change the security setting manually.
2) M7650 V1, M7450 V1, M7350 V5, M7200 V1, M7000 V1, M7300 V3:
The default Wi-Fi security setting is WPA-PSK/WPA2-PSK Auto; please change it to WPA-PSK/WPA2-PSK AES. If you cannot see this option, please make sure you are using the latest firmware.
3) M7350 V3&V4, M7310 V1&V2, M7300 V2:
The default Wi-Fi security setting is WPA-PSK/WPA2-PSK Auto, and there is no option to set AES only.
[Note]:
The default Wi-Fi encryption on our products is set to Auto, which supports AES, the secure encryption method, and also supports TKIP for compatibility with devices that only support TKIP encryption.
The Weak Security message does not mean that the Apple device must use the weak encryption method. If the encryption is set to Auto or to mixed TKIP and AES, iOS devices will actively choose the secure encryption method, WPA2 + AES, but will still show the warning. So please don’t worry about its security.
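To confirm what a network advertises after changing the setting, the check below flags the modes from the list above and shows why Auto mode still warns even though the client ends up on AES. This is an added example, not TP-Link's or Apple's code: it assumes a Linux machine with NetworkManager, the sample lines are constructed in the shape of `nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list` output, and the function names are hypothetical.

```python
# Constructed sample: terse lines shaped like the output of
#   nmcli -t -f SSID,SECURITY,WPA-FLAGS,RSN-FLAGS device wifi list
SAMPLE_SCAN = """\
HomeAuto:WPA1 WPA2:pair_tkip pair_ccmp group_tkip psk:pair_tkip pair_ccmp group_tkip psk
HomeAES:WPA2:(none):pair_ccmp group_ccmp psk
HomeWPA3:WPA2 WPA3:(none):pair_ccmp group_ccmp psk sae
OldWPA:WPA1:pair_tkip group_tkip psk:(none)
Legacy:WEP:(none):(none)
"""

def classify(line):
    """Return (ssid, reasons, pairwise). reasons lists the advertised settings
    that appear on the article's weak list; pairwise is the strongest unicast
    cipher on offer, i.e. what a client that prefers AES will select."""
    ssid, security, wpa, rsn = line.rsplit(":", 3)  # flag fields never contain ':'
    wpa = set() if wpa == "(none)" else set(wpa.split())
    rsn = set() if rsn == "(none)" else set(rsn.split())
    offered = wpa | rsn
    reasons = []
    if "WEP" in security.split():
        reasons.append("WEP")
    if wpa and rsn:
        reasons.append("WPA/WPA2 mixed mode")
    elif wpa:
        reasons.append("WPA only")
    if any("tkip" in flag for flag in offered):
        reasons.append("TKIP")
    if "pair_ccmp" in offered:
        pairwise = "AES (CCMP)"
    elif "pair_tkip" in offered:
        pairwise = "TKIP"
    else:
        pairwise = "WEP" if "WEP" in reasons else "none"
    return ssid, reasons, pairwise

def audit(scan_text):
    return [classify(line) for line in scan_text.splitlines() if line.strip()]

if __name__ == "__main__":
    for ssid, reasons, pairwise in audit(SAMPLE_SCAN):
        status = "warning: " + ", ".join(reasons) if reasons else "no warning"
        print(f"{ssid:10} {status:40} strongest pairwise cipher: {pairwise}")
```

The HomeAuto row is the Auto case from the note: AES is available and gets selected, yet the advertised WPA and TKIP options are what the warning reacts to.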
Cause: This happens because the iOS device is using its real MAC address to communicate.
Suggestion:
To improve privacy, Apple suggests keeping private addresses enabled at all times so that your device uses a different MAC address with each Wi-Fi network. (https://support.apple.com/en-us/HT211227)
Note: Although this will stop someone from tracking your network activity, some users have reported that their iOS devices appear as “unknown” to routers, since the manufacturer can no longer be recognized from the random MAC address. This issue has already been discussed, for example:
https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Unknown-Attached-Device/m-p/2005741
https://community.tp-link.com/us/home/forum/topic/515526
Cause: This iOS privacy feature is meant to be used where the router and the router's handling of DNS cannot be trusted, so it is designed to circumvent whatever the router is doing.
Solutions:
Deco has a special way of handling its DNS requests, which can trigger this notification.
If you see it, please set the DNS server to 8.8.8.8 and 1.1.1.1 manually on the Deco App > More > Internet Connection > IPv4 page (refer to this link), then go to the Wi-Fi settings of your iOS device, forget/delete the Deco’s network, and reconnect to it.