WPA3 on Wahoo devices

Hi there! I’ve been a Wahoo user for years, from the days of the first TICKR and the RFLKT. I still have an original ELEMNT and just purchased a KICKR and a Roam v2.

I was somewhat dismayed when my Roam would not connect to my WPA3 WiFi network, and I had to put it on a secondary WPA2 network I have for older technology.

WPA3 compatibility can be added via firmware. It is (overall) more secure than WPA2 since it came out in 2018, versus WPA2 which is now 20 years old.

I haven’t opened the KICKR box yet, because I expect I’ll be disappointed. When will the entire product line get WPA3? It matters if I’m letting your products on my network.

2 Likes

Security is relative. Is there anyone who is or would be accessing Wi-Fi in your area? Ive been running WPA2 off my cell phone in a crowded environment.
First thing: Use a strong password that isn’t easily guessed. This is the best thing you can do.
Second, Use 5GHz if possible.
Third, set your network for allowed devices only.
Fourth, monitor your network for unauthorized access.
Fifth, change passwords on a random basis.

1 Like

Jim, my primary gig is in IT. “Good enough” is a lousy excuse. My key is a passphrase. I use a significant number of the 64 characters available.

WPA3 is 6 years on the market. A product released in 2022 should support it. Since a firmware update can fix this, it should be addressed today.

Why are you insisting on WPA3 though? BTW, I have 40 years in cyber-security and I’ve found the biggest security hazard sits in a chair. Not over-the-air data capture which is harder than you think…(You have to find the signal first, thus the first step is removing your SSID from any broadcast signal).

Jim, you’re not completely wrong, but you’re also justifying non-compliance with current standards. Laziness. Whatever you’d like to call it.

This is Wahoo, not some piece-of-crap Chinese-made IoT device (some of which ARE designed to sniff) and I expect better. WE should expect better.

Thanks for coming off like a fanboi on my first post here.

Again, you haven’t explained the WHY Wahoo should move to WPA3, just “They should do it”. Is there some massive security issue that will require the use of very restricted resources that will expose critical data? As I said, initially, I’m I cyber-security expert. You don’t implement changes just to implement changes. This can lead to unintentional consequences such as inability to connect. Some older networks can’t support WPA-3, even though it’s been around for some time.

1 Like

image

5 Likes

Why should they move? Because it’s there and has been for 6 years. Because I am using it exclusively on my primary network, as are others.

You’ve adopted both the “don’t use WPA3 on your network because devices don’t support it” AND “companies shouldn’t bother to support WPA3 in their devices because people aren’t using it on their networks.” You claim to be a security professional and yet miss that catch-22.

There are papers on IEEE that talk about the slow adoption of WPA3, and your complacency is part of what they’re talking about.

I’m no longer a coder, but I get the feeling someone of moderate talent might have gotten an alpha version operational since I posted it.

This discussion is beyond my expertise, but I can tell you that the Wahoo engineers and support, while they do occasionally drop into this public forum, do not frequent it nor typically comment directly on many of these technical topics. If you want this addressed by someone from Wahoo I would recommend sending a message thru to support. Otherwise you’ll just get other users providing unofficial personal comments and opinions. And forgive me if I’m mistaken, but it sounds like you’re looking for an official or semi-official comment from someone informed.

2 Likes

Also, I would like to point out, again, that Wahoo has limited staff and fixing a non-critical issue might not be something they can work on. Again, “I’m using it on my primary network” may not be a good enough reason for Wahoo to break functionality. Again, making changes to makes changes is never a good reason to do anything.
And again, why should Wahoo changed to WPA3? I guess I’ll have to dig into it as you seem to be quite unable to provide a one line answer regarding security.

I know it’s a user forum. I was looking for some consensus from people who expects their products to take advantage of technology within the last ten years. I thought someone might take the approach of an apologist, but what I got from jmckenzie went far beyond.

Utlimately, I’m looking to pitch Wahoo products to a shop to carry as high-end products. I am anticipating problems people might have before that time.

So there you have it. I want to recommend an easy-selling, easily supported high end product that isn’t going to be available through the distributors he likes to use. People not caring would have been one thing. People going to the extreme that jmckenzie did is too much.

1 Like

And I pointed out why I raised such a ruckus. Asking in a forum why a particular protocol is not supported is not the place to do so. There may be technical reasons why things are the way they are. Stating what you did sounded like a temper tantrum. BTW, I’ve been the victim of "Let’s change this just to change it, and it busted a large company’s ability to use that particular software ". I hope you submitted a ticket with Wahoo and got an official response.