Is Wireless Direct Safe?

Joined
Dec 5, 2008
Messages
713
Reaction score
43
Points
28
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Hello All!
My wife bought a Canon TS9521C printer to use with her iPad. With some devices, it allows WiFi if the device (iPad) is on the same network as the printer. It also allows Bluetooth or Wireless Direct, which I think is Canon's name for WiFi Direct.

We had to use Wireless Direct because:
WiFi on the iPad is a 5 GHz network. We use that because her iPad & my MacBook Pro are the only things on the 5 GHz network, keeping it isolated from the WiFi televisions, treadmill & stuff. They're on a Guest 2.4 GHz network.

The printer can't use 5 GHz that the iPad is normally on, so that's out. (It will use the Guest 2.4 GHz that has the televisions & stuff.)
The iPad won't see the printer via Bluetooth. Another failure.
So, Wireless Direct won for now.

Wireless Direct is rather clunky to use, but tolerable. One must go to iPad's Settings - WiFi and choose the printer. Then, when done, switch the iPad back to the 5 GHz network in iPad's Settings - WiFi.

Since it's equally clunky to use Wireless Direct as switching WiFi networks, I am wondering if it is safe to use Wireless Direct or if it is safer to change her iPad to one of the 2.4 GHz networks while printing & switching back when done. The WiFi network will have the televisions on it. (Same amount of steps to change networks as Wireless Direct.)

Thanks For Sharing your knowledge about safety.
Paul
 
Joined
Oct 16, 2010
Messages
17,496
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
Thanks For Sharing your knowledge about safety.


I don't really understand why you are having all those problems and workarounds to get that printer working, especially as we have a Canon MX 922 Printer that works with all our Macs and iDevices without any sort of switching methods or anything required. It just simply plain works with our current situation which I guess relies on AirPrint.

Maybe just try setting it up again and I'm sorry I have no idea or any information regarding Wireless Direct printing, or even what is involved if and when using it. But I imagine it is fairly safe, as the printer has no way of storing any personal information even if it was accessed from some other source.


- Patrick
=======
 
Joined
Jan 1, 2009
Messages
15,455
Reaction score
3,811
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
The printer can't use 5 GHz that the iPad is normally on, so that's out. (It will use the Guest 2.4 GHz that has the televisions & stuff.)
Why do that? Just let the iPad (and anything else that wants the printer) be all in one network with the other stuff. You have a firewall on the network router, I presume, so that should provide some resistance to any bad actor from outside on the Internet. Use a strong password for the network with WPA3 and get rid of the Guest network. They should all play nice in the one combined network. I have a mesh network that currently has 62 devices sharing between 5 and 2.4gHz just fine. I use Homekit for home automation, so about half of those are various Homekit switches, controllers, etc. I also have 6 security cameras and multiple computers, with the computers in the network both by WiFi and Ethernet. Plus multiple TVs and Apple TV boxes.

Just let the devices use whatever is available, no need to be as restrictive as you have it set up. Then, the printer will just connect and be available when anybody with network access wants it.
 
Joined
Sep 30, 2007
Messages
9,962
Reaction score
1,235
Points
113
Location
The Republic of Neptune
Your Mac's Specs
2019 iMac 27"; 2020 M1 MacBook Air; macOS up-to-date... always.
Guest networks aren't usually isolated in that manner. Some routers let you give the 5 Ghz band a separate SSID (the old Apple AirPorts could, for example), but guest networks are something else entirely. Enabling the Guest network option forces anything connected to it to be 100% isolated from anything else, even on the Guest network itself. But this doesn't mean limited to 2.4 GHz on one network, 5GHz on the other. I suggest reconsidering how you have all this set up. If you can tell us what router you have, we can look over the options.
 
Joined
May 21, 2012
Messages
10,703
Reaction score
1,158
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rdGen, iPhone 13 ProMax, Watch S7, 2018 15" MBP, AirPods Pro
Most modern routers use the same Wi-Fi SSID name for both 5GHz and 2.4 GHz networks. You can go into the router's setup page and give each network (5GHz/2.4GHz) separate SSID names.

I don't recommend using a Guest network for any of your other household devices. It's designed to keep connections separate from everyday devices.
 
Joined
Sep 30, 2007
Messages
9,962
Reaction score
1,235
Points
113
Location
The Republic of Neptune
Your Mac's Specs
2019 iMac 27"; 2020 M1 MacBook Air; macOS up-to-date... always.
Most modern routers use the same Wi-Fi SSID name for both 5GHz and 2.4 GHz networks. You can go into the router's setup page and give each network (5GHz/2.4GHz) separate SSID names.

I don't recommend using a Guest network for any of your other household devices. It's designed to keep connections separate from everyday devices.

That depends on the devices. The reason to have a Guest network is so anything connected to the network can't connect to other devices on the same network. So... if you don't trust someone or something to not try to connect to your personal computer, isolate them on Guest. This was intended for people visiting your home, but it's increasingly common practice to put "things" on there also. My thermostat, lawn irrigation controller, and a couple other items are all on my Guest network because there is no need for them to have access to anything else on my network. Not that they would or should need to, but if they got compromised somehow, having them firewalled off protects me.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
713
Reaction score
43
Points
28
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Thank You each for helping me understand how all of this works & what is safe & what isn't. I very much appreciate your sharing of knowledge.

From Patrick: I don't really understand why you are having all those problems and workarounds to get that printer working, OY! I found, not in the manual but on a site where someone reviewed it, Canon replying to the "can't connect" review that the printer will not connect to 5 GHz. I wish they would have put that in the instructions or specifications.
Why iPad can't find the printer via Bluetooth is a mystery.
I did get the printer to connect to a 2.4 GHz band for testing, but that would mean moving the iPad to the slower band of one of our non-guest networks. If safe, OK with me. (The guest 2.4 has the televisions because they can't use 5 GHz)


From Jake: Use a strong password for the network with WPA3
Our router only has WPA2-PSK and AES. No WPA3. Is that safe enough, or must we buy a new router to be secure?

From LifeIsABeach: Enabling the Guest network option forces anything connected to it to be 100% isolated from anything else, even on the Guest network itself.
We get to choose to let the guests see each other on this TP-LINK Archer C7 AC-1750 router. Our old one couldn't.

My thermostat, lawn irrigation controller, and a couple other items are all on my Guest network because there is no need for them to have access to anything else on my network. Not that they would or should need to, but if they got compromised somehow, having them firewalled off protects me.
That's basically what we are trying to accomplish. I think...
 
Joined
Jan 1, 2009
Messages
15,455
Reaction score
3,811
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
I did get the printer to connect to a 2.4 GHz band for testing, but that would mean moving the iPad to the slower band of one of our non-guest networks.
Wait, I thought you said that somehow you had isolated the 5gHz and 2.4gHz bands into two separate networks. Now you say you have a 2.4gHz in your non-guest network? What does "one of our non-guest networks" mean? Do you have more networks than just the two you have told us about?
Our router only has WPA2-PSK and AES. No WPA3. Is that safe enough, or must we buy a new router to be secure?
Well, you are expending an awful lot of work to protect against something, but then use an older security method, so that would seem to be counter-intuitive. WPA3 has been around since 2018, so that makes your router pretty old in technology terms. If you are so worried about security that you have fragmented your LAN, then maybe a move to a WPA3 would be logical. Read this and make your decision:



That's basically what we are trying to accomplish. I think...
Why? Basically, with the exception of the smarter devices (Smart TV, Apple TV, Game consoles, etc), the devices are pretty dumb. No need to be paranoid that somehow your refrigerator is spying on you any more than you are being spied on anyway through your cell phone. The latter is a lot more intrusive than a game console.
 
Joined
Sep 30, 2007
Messages
9,962
Reaction score
1,235
Points
113
Location
The Republic of Neptune
Your Mac's Specs
2019 iMac 27"; 2020 M1 MacBook Air; macOS up-to-date... always.
Why? Basically, with the exception of the smarter devices (Smart TV, Apple TV, Game consoles, etc), the devices are pretty dumb. No need to be paranoid that somehow your refrigerator is spying on you any more than you are being spied on anyway through your cell phone. The latter is a lot more intrusive than a game console.

The FBI begs to differ.

Is this practice overkill? Probably, for the most part. But you know what they say... an ounce of prevention is worth a pound of cure.
 
Joined
Jan 1, 2009
Messages
15,455
Reaction score
3,811
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
I think the FBI was slightly over the top if what that article, from three years ago, said they said was correct. Yes, change passwords on any that have them from default, make them hard to crack, make your WiFi password the same. Don't share it. And if you do, change it right after the sharing is done. But you can share the local network with your IoT safely. No need to be paranoid about it.
 
Joined
Sep 30, 2007
Messages
9,962
Reaction score
1,235
Points
113
Location
The Republic of Neptune
Your Mac's Specs
2019 iMac 27"; 2020 M1 MacBook Air; macOS up-to-date... always.
I think the FBI was slightly over the top if what that article, from three years ago, said they said was correct. Yes, change passwords on any that have them from default, make them hard to crack, make your WiFi password the same. Don't share it. And if you do, change it right after the sharing is done. But you can share the local network with your IoT safely. No need to be paranoid about it.

Citations required. Declaring it's safe and no need to be paranoid about it doesn't make it so. Meanwhile... Anatomy of an IoT malware attack
 
OP
PGB1
Joined
Dec 5, 2008
Messages
713
Reaction score
43
Points
28
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
From Jake:
Wait, I thought you said that somehow you had isolated the 5gHz and 2.4gHz bands into two separate networks. Now you say you have a 2.4gHz in your non-guest network? What does "one of our non-guest networks" mean? Do you have more networks than just the two you have told us about?
I apologize if my explanation causes one to get confused. Our router has 4 networks, if that is the correct term.
One is 5 GHz and is not considered a Guest.
One is 2.4 GHz and is not considered a Guest.
One is 5 GHz and IS considered a Guest. It can be set so guests can see each other.
One is 2.4 GHz and IS considered a Guest. It can be set so guests can see each other.

Why? Basically, with the exception of the smarter devices (Smart TV, Apple TV, Game consoles, etc), the devices are pretty dumb. No need to be paranoid that somehow your refrigerator is spying on you any more than you are being spied on anyway through your cell phone. The latter is a lot more intrusive than a game console.
It's not about the spying. We're so boring, even Google doesn't track us. What it is about is having someone use the printer as an access to the stuff on the iPad.

 
Joined
Jan 1, 2009
Messages
15,455
Reaction score
3,811
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Citations required. Declaring it's safe and no need to be paranoid about it doesn't make it so. Meanwhile... Anatomy of an IoT malware attack
Not how science works. It is axiomatic that one cannot prove a negative. That's not how science works at all. Your theory is that IoT represents a threat. You provided two old articles about it. But, can you name one instance where an IoT device was the vector to hack into a computer? A Network? All it takes is one case of a Mac being hacked by a refrigerator to disprove my assertion that it is not a real risk.

The only IoT hacks I have seen (about gaining access to a security camera images) required access to information about the network that simple, reasonable, practices would eliminate--robust passwords on the network access, computers, and any device that logs into the network with account name/password authority--plus physical access to the facility with the cameras. IoT devices generally don't have that kind of vulnerability. They just use the WiFi as transport for the various control signals. I've never logged into any of my wall switches in HomeKit.

Home locks, thermostats, etc, might be hackable to allow a bad actor to change the temperature, or gain access to the home, but according to this, taken from your article, the attacker first has to have access to your own system:
For any type of attack (malware or otherwise), the attacker needs to hit an attack surface, which is defined as the sum total of all of the device's vulnerabilities. When the attacker identifies and becomes familiar with the attack surface, they create an attack vector, the path the attacker uses to discover and exploit vulnerable IoT devices on your network, and cause the device do something other than what it was intended to do. Common attack vectors include: a link in an email ("click here if you want to get rich quick"), downloaded software ("your Flash player is out of date"), or even hovering your mouse over an infected ad can give a would-be attacker a way in.
and later:
The CNC program scans IP addresses on the internet looking for hosts with open ports, and if it finds one, it attempts to log in using a set of known default userid/password combinations (for example, admin/admin, root/admin, user/user, and so forth).
Finally, in the articles the only "threat" from these IoT attacks is the possibility that the device can be hacked to be bricked, or to serve as a bot for denial of service attacks, or maybe used for crypto-mining. Nothing about being able to penetrate your home computer systems.

Basically, the recommendation of those two articles was to change passwords from the defaults on any device with passwords. That is good advice, and I have strong passwords on everything. You should, too. But the articles don't make a very strong argument for having a separate network of IoT. In fact, they make a not-bad case for just sharing. The fewer networks you have the less likely it is that your home will be invaded by bad software.

But, as I said, I cannot prove a negative. But can you prove a positive? If I said to you, "Your house has a ghost living in it," can you prove it does not? No matter what you offer as proof, I can say "Oh, you just missed it" or "Oh, it's over there," or "You didn't test properly," and you are stymied. But, if you turn that around and say to me, "Prove it, show me the ghost," and I cannot, then I am exposed and proven wrong, which means there is no ghost. So, rather than having me play whack-a-mole to assert the risk is low, show me a case where it happened.
 
Joined
Jan 1, 2009
Messages
15,455
Reaction score
3,811
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
From Jake:
Wait, I thought you said that somehow you had isolated the 5gHz and 2.4gHz bands into two separate networks. Now you say you have a 2.4gHz in your non-guest network? What does "one of our non-guest networks" mean? Do you have more networks than just the two you have told us about?
I apologize if my explanation causes one to get confused. Our router has 4 networks, if that is the correct term.
One is 5 GHz and is not considered a Guest.
One is 2.4 GHz and is not considered a Guest.
One is 5 GHz and IS considered a Guest. It can be set so guests can see each other.
One is 2.4 GHz and IS considered a Guest. It can be set so guests can see each other.

Why? Basically, with the exception of the smarter devices (Smart TV, Apple TV, Game consoles, etc), the devices are pretty dumb. No need to be paranoid that somehow your refrigerator is spying on you any more than you are being spied on anyway through your cell phone. The latter is a lot more intrusive than a game console.
It's not about the spying. We're so boring, even Google doesn't track us. What it is about is having someone use the printer as an access to the stuff on the iPad.
Well, the easiest way is to merge the two not-Guest networks into one, on both 5 and 2.4gHz. Your phones will swap bands to the strongest signals automatically and the printer will be available for devices on either band because it will be in the same network via the router. If you are still worried about the IoT network, you can leave it as it is, although I still say the risk is very, very low if you just merged it all into one network and simplify your life. Change any passwords that are defaults to something really strong and you should be good.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
713
Reaction score
43
Points
28
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Well, the easiest way is to merge the two not-Guest networks into one, on both 5 and 2.4gHz. Your phones will swap bands to the strongest signals automatically and the printer will be available for devices on either band because it will be in the same network via the router.
For the phones, this will be a good idea, if I can figure out how to merge them. But, the printer absolutely refuses to connect to the 5 GHz networks. It also is not discovered by the iPad in Bluetooth mode. My Android phone and computer are discovered, proving Bluetooth works on the printer. But, the printer is for my wife's iPad.

So far, we are stuck with Wireless Direct. (Or boxing it up and trying a different brand of printer.)
 
Joined
Dec 30, 2022
Messages
609
Reaction score
312
Points
63
Location
Somerset, England
Your Mac's Specs
Mac Mini M1 (8gb Memory / 500 gb Hard drive) Running Sonoma 14.0
Well, the easiest way is to merge the two not-Guest networks into one, on both 5 and 2.4gHz. Your phones will swap bands to the strongest signals automatically and the printer will be available for devices on either band because it will be in the same network via the router.
For the phones, this will be a good idea, if I can figure out how to merge them. But, the printer absolutely refuses to connect to the 5 GHz networks. It also is not discovered by the iPad in Bluetooth mode. My Android phone and computer are discovered, proving Bluetooth works on the printer. But, the printer is for my wife's iPad.

So far, we are stuck with Wireless Direct. (Or boxing it up and trying a different brand of printer.)
You give both bands the same name and password, I am sure this was mentioned earlier.
 
Joined
Jan 1, 2009
Messages
15,455
Reaction score
3,811
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Well, the easiest way is to merge the two not-Guest networks into one, on both 5 and 2.4gHz. Your phones will swap bands to the strongest signals automatically and the printer will be available for devices on either band because it will be in the same network via the router.
For the phones, this will be a good idea, if I can figure out how to merge them. But, the printer absolutely refuses to connect to the 5 GHz networks. It also is not discovered by the iPad in Bluetooth mode. My Android phone and computer are discovered, proving Bluetooth works on the printer. But, the printer is for my wife's iPad.

So far, we are stuck with Wireless Direct. (Or boxing it up and trying a different brand of printer.)
OK, a short tutorial on Local Area Networking (LAN). You have a router that provides radio connections for devices using two bands, one is 2.4gHz, the other is 5gHz. The 5 is slightly faster, but has shorter range and is more susceptible to attenuation as it passes through walls, furniture, people, etc. The 2.4 is longer ranged, slightly slower but doesn't attenuate as badly.

The way the router works is that you have a network name, and the router broadcasts that name. On your various devices, your WiFi receiver receives the signal and then displays for you the name. You select the named network you want, provide the password for the network and the device is connected and provided what is known as an IP number. That IP number is the address of that one device. While connected to that network, your device can see, and be seen by, any and all other devices in that same network. It's how the devices communicate, through those addresses. Each device has a unique address that the router tracks.

Now, if the router is instructed to create a network on both radio bands and given the name "non-Guest" for the network, then any device that connects to "non-Guest" will see and be able to communicate with every other device in "non-Guest," regardless of what radio frequency the devices use. So, an iPad connected to 5gHz part of "non-Guest" should be able to connect to a printer attached to "non-Guest" on the 2.4gHz band because the router connects them using the assigned IP addresses. Not only that, but your iPhone and iPad are smart enough to switch from the 5gHz band to the 2.4gHz band whenever the signal is better quality, and vice-versa. That, in effect, extends the range of your connection because the 2.4 has better range. And you don't have to do anything to make that work. It just happens.

However, if you have separated the radio bands with different names, say "non-Guest 2.4" and "non-Guest 5," then those are two DIFFERENT networks, and the devices on 2.4 won't see, or be able to communicate with, those devices on 5. That is why your printer won't connect. You are on 5, the printer can only connect to 2.4, and you have them as separate networks. It's never going to connect as long as the two are in different nets.

So, as I suggested, change the router settings to have "non-Guest" use both 2.4 and 5 gHz radio frequencies and all the devices connected to "non-Guest" will be able to communicate.

Note that this approach does NOT change what you have for the IoT network(s). However, right now ALL IoT devices use only the 2.4gHz band, AFAIK, so you could merge the "guest" bands into one network as well. No need to separate radio frequencies at all. If and when a 5gHz IoT device is sold, it will then connect to "guest" and see, and be seen by, all the other IoT devices.

One more reason to connect IoT to your general LAN and just have ONE in your home. HomeKit communicates through WiFi hubs (AppleTV, Apple HomePods, etc). But if the hub is NOT in the same network as the device and the iPhone with the Homekit app, then you cannot control the house automation from the iPhone unless you log out of your "non-Guest" network and log into the "guest" network. PITA to do that each time you want to unlock the front door, or change the temperature, or turn on a light. Having the IoT devices in the same network with your hub and controlling iPhone, iPad, Mac, will make home automation a LOT more useful. If you don't use Homekit, you still have the same issue with the other HA setups because right now they all use 2.4gHz for communications.

Hope that helps some. Simplify your LAN and the printer will work.
 

IWT


Joined
Jan 23, 2009
Messages
10,218
Reaction score
2,175
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4 Apple 5K Retina Studio Monitor
right now ALL IoT devices use only the 2.4gHz band, AFAIK,

The literature agrees with you, Jake. Purely for reference purposes, here are 3 links from a dozen or more I came across:




Ian
 
Joined
Oct 16, 2010
Messages
17,496
Reaction score
1,541
Points
113
Location
Brentwood Bay, BC, Canada
Your Mac's Specs
2011 27" iMac, 1TB(partitioned) SSD, 20GB, OS X 10.11.6 El Capitan
It's not about the spying. We're so boring, even Google doesn't track us. What it is about is having someone use the printer as an access to the stuff on the iPad.

Wow, I am assuming that that is being extremely boring, LOL!!!

But I really don't understand how anyone could use the printer to access anything personal on the iPad.

If you can't get anything else working so your wife can print from her iPad, if you have a Mac that is on all the time, and could connect the printer to it, you could install handyprint.app (a print sharing server) on it which would allow your wife to use it to do any printing and also keep everything safe.

Just as an alternative suggestion just in case, but I would suggest a complete overkill.

Just set it up as has been suggested.



- Patrick
=======
 

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
The literature agrees with you, Jake. Purely for reference purposes, here are 3 links from a dozen or more I came across:




Ian
The information in the last link might be confusing - it pretty much states the opposite of what Jake is suggesting:
Therefore, if you have a dual-band router and want to connect to a smart home device, please make sure that the router has two SSIDs or WiFi names for 2.4GHz and 5GHz. This is what I did with the home network. When you need to set up a smart camera or light bulb, you can easily select the 2.4GHz frequency band. This will save you a lot of trouble, because some smart home devices cannot even be set up without the 2.4GHz WiFi band.
Not that I agree with that ..... "please make sure that the router has two SSIDs or WiFi names for 2.4GHz and 5GHz." ..... and ..... "This will save you a lot of trouble"
Jake's suggestion is perfectly fine.

BTW - Both articles have the rationale why IoT devices use the 2.4 GHz band backwards - seems neither author has ever worked in that IoT industry.
 
