Eeros Wifi System’s Backdoor
Started to research the eero Wifi system today after a tech buddy’s endorsement this past week. My wife and I would love to saturate our 3500 sq ft home with 5ghz Wifi signal, instead of our remote spaces only getting the 2.4ghz, and the eero super-simple setup and mesh networking seems VERY intriguing.
The eero system is described by the company as “self-healing” because it “phones home” to their servers to update as it learns from other people’s installations. Amazon reviews were glowing and my wife was excited, but I said I had to research their security model before buying.
After poking around a bit I then read this post by a guy I follow Brian Krebs (he’s the guy that broke the Target breach story) and he seems convinced. But reading what the CEO said in Brian’s interview with him, and people in the comments, confirmed my suspicion: eero uses public key cryptography but *eero* holds the key. That means they would be able to gain full access to our internal LAN (and all devices on our network) or be compelled to hand over the key for access by who-knows-whom.
Guess we’ll pass.