09
Mar 16

eero: A Mesh WiFi Router Built for Security

User-friendly and secure. Hardly anyone would pick either word to describe the vast majority of wireless routers in use today. So naturally I was intrigued a year ago when I had the chance to pre-order a eero, a new WiFi system billed as easy-to-use, designed with security in mind, and able to dramatically extend the range of a wireless network without compromising speed. Here’s a brief review of the eero system I received and installed a week ago.

Three eero devices designed to create an extended range “mesh” wireless network without compromising speed.

The standard eero WiFi system comes with three eero devices, each about the width of a square coaster and roughly an inch thick. Every individual eero unit has two built-in WiFi radios that are designed to hand off traffic with the other two units.

This two-radio aspect is important, as most consumer devices that are made and marketed as WiFi range extenders or “repeaters” contain only one radio, and thus end up halving the speed of the repeated WiFi signal.

The makers of eero recommend one device for every 1,000 square feet, and advise placing one device no further than 40 feet from another. Each eero has two ethernet ports in the back, but only one of the eeros needs to be connected directly into your modem with an ethernet cable. That means that a 3-piece eero set has a total of five available ethernet ports, or at least one open ethernet port at each eero location.

Most wireless routers require owners to configure the device by using a hard-wired computer or laptop, opening a browser and navigating to a numeric Internet address to enter some default credentials. From there, you’re on your own. In contrast, the eero system relies on a simple mobile app for setup. The app asks for your name, email address and mobile number, and then sends a text with a one-time passcode.

After you verify the code on your mobile device, the app prompts you to pick a network name (SSID) and password. The device defaults to WPA-2 PSK (AES) for encryption — the strongest security currently available.

Once you’ve assigned each eero a unique location — and as long as the three devices can talk to each other — the network should be set up. The entire process — from placing and plugging in the eeros to setting up the network —  took me about five minutes, but most of that was just me walking from one room or floor to the next to adjust the location of the devices.

MY TAKE?

The eero system did indeed noticeably extend the range of my home WiFi network. My most recent router — an ASUS RT-N66U, a.k.a the “Dark Knight” — cost about $150 when I bought it, but it never gave me coverage throughout our three-level home despite multiple experiments with physical placement of the device. In contrast, the eero system extended the range of my network throughout our home and to about a dozen meters outside the house in every direction.

In fact, I’m now writing this column from a folding chair in the front lawn, something I couldn’t do with any router I’ve previously owned. Then again, a wireless network that extends well beyond one’s home may actually be a security minus for those who’d rather not have their network broadcast beyond their front porch or apartment walls.

This is a good time to note one of eero’s best features: The ability to add guests to your wireless network quickly and easily. According to an interview with eero’s co-founder (more on that below), the firewall rules that govern any devices added to a eero guest network prevent individual hosts from directly communicating with any other on the local network. With a few taps on the app, guests are invited to join via a text or email message, and the invite contains the name (SSID) of the guest wireless network and a plaintext password.

There are a few aspects about the eero system that may give pause to some readers — particularly the tinfoil hat types and those who crave more granular control over their wireless router. Control freaks may have a hard time letting go with the eero — in part because it demands a great deal of trust — but also because frankly it’s a little too easy to set up.

There aren’t a lot of configuration options available in the app. eero says it is working on rolling out new features and options, and that it has so far been focused on shipping all of the pre-ordered units so that they work as advertised. This is a WiFi system that I can see selling very nicely to relatively well-off consumers who don’t know or don’t want to know how to configure a wireless router.

To be clear, the eero is not a cheap WiFi system. I paid $299 for my three eeros, and that was at the pre-order rate. The same package now retails for $499. In contrast, your average, 4-port consumer WiFi router sells for about $45-$50 at the local electronics store and will do the job okay for most Internet users.

Another behavior central to the eero that is bound to be a sticking point with some is that it is regularly checking for or downloading new security and bug updates from the cloud. This may be a huge change for consumers accustomed to configuring all of this themselves, but overall I think it’s a positive development if done right.

For starters, the vast majority of consumer-grade routers ship with poorly written and insecure software, and often with unnecessary networking features turned on. It’s a fair bet that if you were to buy a regular WiFi router off the shelf at the local electronics store, the software or “firmware” that powers that device is going to be out-of-date and in need of updating straight out of the box.

Worse still, most of these devices will remain in this default insecure state for the remainder of their Internet-connected lifespan (which is probably at least several years), because few consumer routers make it easy for consumers to update, or even alert them that the devices need updates. There are so many out-of-date and insecure routers exposed to the Internet now that it’s not uncommon to find criminal botnets made up entirely of hacked home routers.

True, geeks who feel at home tinkering with open-source router firmware can void their warranty by installing something like DD-WRT or Tomato on a normal wireless router, and I have recommended as much for those with the confidence to do so. But I also am careful to note that anyone who updates their router with third-party firmware but fumbles a crucial step can quickly be left with an oversized and otherwise useless paperweight.

INTERVIEW WITH EERO CEO/CO-FOUNDER

I wanted to know more about the security design that went into the eero, and fortunately was in eero’s hometown of San Francisco last week for the RSA Security conference. So I dropped by the company’s headquarters and got to sit down briefly with the company’s CEO and co-founder, Nick Weaver.

“The way we designed the eero system in general is that it’s a distributed system that runs in your home, and the system we use to deliver that experience is also a distributed system,” Weaver explained. “In your home, the system distributes the load of clients, compute, updates, and diagnostics across the units in your home. We also have a cloud with a distributed architecture, and that’s what allows the eero networks to update and configure themselves automatically.”

BK: Where does that distributed cloud architecture live?

NW: Today it’s Amazon, and everything is hosted on AWS. There’s a high frequency [of check-ins] but not a lot of traffic.  There is very little information exchanged. Only diagnostic info that explains how the links between the eeros are doing. You can think of it as a network engineer in the sky who helps ensure that your network is configured properly.

BK: How does the eero know the updates being pushed to it are from eero and not from someone else?

NW: Every update is signed by a key, and that key is locked away at [the bank].

BK: Does eero collect any other information about its users?

NW: There is no information collected ever about where you go on the Internet or how your connection is being used. That is not information that’s interesting to us. The other co-founder studied networking and security and contributed quite a bit to the Tor Project. We’ve got all the right tensions in our founding team. Security is really important. And it’s been totally underestimated by all the existing players. As we’re discovering more and more security vulnerabilities, we have to be able to move quickly and deploy quickly. Because if you don’t, you’re doing a disservice to your customers.
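
The signed-update answer above comes down to one check on the device: verify the update against a public key already pinned in the running firmware, regardless of which server delivered it. The Go sketch below is an added example, not eero's code; the manifest layout, the choice of Ed25519, the rollback check (which goes beyond what the interview states) and all keys and images are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor; its layout is an assumption.
type Manifest struct {
	Version   uint32   // build number, only ever allowed to increase
	ImageHash [32]byte // SHA-256 of the firmware image
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("image does not match signed hash")
	ErrRollback     = errors.New("update is not newer than installed build")
)

// signedBytes is the exact byte string that is signed and verified.
func (m Manifest) signedBytes() []byte {
	b := []byte("example-fw-manifest-v1\x00") // fixed prefix ties signatures to this use
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], m.Version)
	b = append(b, v[:]...)
	return append(b, m.ImageHash[:]...)
}

// Sign runs on the vendor's build side, the only place the private key exists.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.signedBytes())
}

// VerifyUpdate runs on the device. pinned is the vendor public key baked into
// the running firmware; the server the update came from plays no part.
func VerifyUpdate(pinned ed25519.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(pinned, m.signedBytes(), sig) {
		return ErrBadSignature
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	if m.Version <= installed {
		return ErrRollback // validly signed, but an older and possibly vulnerable build
	}
	return nil
}

// Scenarios runs the verifier over constructed keys and images.
func Scenarios() map[string]error {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // constructed vendor key
	_, otherPriv, _ := ed25519.GenerateKey(nil)          // key the device does not trust
	const installed = 41
	image := []byte("constructed firmware image, build 42")
	oldImage := []byte("constructed firmware image, build 40")
	m, sig := Sign(vendorPriv, 42, image)
	forged, forgedSig := Sign(otherPriv, 43, image)
	old, oldSig := Sign(vendorPriv, 40, oldImage)
	edited := m
	edited.Version = 99 // manifest altered after signing
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01 // one flipped bit in the image

	return map[string]error{
		"genuine":        VerifyUpdate(vendorPub, installed, m, sig, image),
		"wrong-key":      VerifyUpdate(vendorPub, installed, forged, forgedSig, image),
		"edited-version": VerifyUpdate(vendorPub, installed, edited, sig, image),
		"tampered-image": VerifyUpdate(vendorPub, installed, m, sig, tampered),
		"rollback":       VerifyUpdate(vendorPub, installed, old, oldSig, oldImage),
	}
}

func main() {
	r := Scenarios()
	for _, name := range []string{"genuine", "wrong-key", "edited-version", "tampered-image", "rollback"} {
		fmt.Printf("%-15s -> %v\n", name, r[name])
	}
}
```

Only the genuine, newer build is accepted. The check is only as strong as the protection of the signing key and of the pinned public key on the device.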

Would you buy a eero system? Sound off in the comments below.

Update 12:58 p.m. ET: Corrected the price of the 3-eero unit.

108 comments

  1. So, Krebs your website is now taking kit from suppliers and spruiking it?

    Why would I want to put part of my network configuration inside of AWS where I don’t know who has access to what..

    Only diagnostic information you say… So once there is a hack for the system and they get into the AWS system they then have real-time information on who is using that system.

    Krebs stick to reporting rather than selling out and attempting to be a selling point for vendors. Especially vendors who are new to the market without a huge track record.

  2. I was super interested in this until I actually looked on Amazon, there are so many negative reviews – and these are not “just” people complaining – this setup has lots of problems and seemingly very poor support. Sounds like a recipe for tech-disaster.

    I don’t think this is ready for prime-time!

  3. From a security point of view, I’m a bit baffled. Other than auto updates, nothing gives me a warm and fuzzy that it is more secure.

    My ASUS router doesn’t autoupdate, but it tells me when an update is available, and it is a simple button push to make it happen. The only thing that is challenging is the relatively low frequency of updates.

  4. I use Ubiquiti access points at home. Yes, they need a controller, but you can use a Raspberry Pi for that. At $89 for the cheapest AP it is lower cost than these guys and POE.

    I like having an ACL that I can use if needed

    • I don’t know if Ubiquiti is an AP name I would put out there in a conversation about device security. How many times do they have to get hacked and be the launching point for major hacks for people to stop quoting them as “the good stuff?” Yes, they are cheap and do great things, well… as long as not connected to the internet for an extended period of time. Actually, even then they still do wonderful things, just with other people deciding what it is that they do.

  5. Ubiquiti here too. My understanding is they have a fancy new mobile app for setting up the latest generation, and they actually don’t need a full time controller except for some features.

  6. You said: “The device defaults to WPA-2 PSK (AES) for encryption — the strongest security currently available.”

    But isn’t WPA2 Enterprise more secure? They could have included a RADIUS server in this system, giving you an easy to use secure system.

    • WPA2 PSK is the most secure available without a server; so yes, based on just adding wireless devices, that would be the most secure available.

  7. This device may be designed in the US, but where is it built? Is it built in China? If so, the Chinese have been caught selling hardware which checks in with China so the device cannot then be trusted in spite of the best intentions of the designers.

    So, where is it built?

  8. Dude…mad props for all past security articles. With love, this reads like thinly veiled advertising. Like the other readers there is little compelling about this offering. Easy sure, but that past reader rabbit builds secure wireless is a hot mess.

  9. Don’t you wish you never published your thoughts on this, Brian? I liked your review, but the trolls and those who have been in IT too long and can’t accept change are giving you an undeserved pounding…

    • Ashley, if by “change”, you mean accepting that your router phones home and share whatever data they tell you without your knowledge or a proper contract, then yes, I’m against that sort of “change”, as many others have reported before.

      Receiving automatic updates for such crucial devices is another downside for me. At some point or another, one of their updates will probably leave each eero unstable or worse, in a brick status. What will happen then? How will mister-no-nothing-about-IT react and deal with it?

      Even Apple & Google can’t provide perfect updates 100% of the times. That’s human nature and nothing will change that.

      Release cycles are coming at a higher rate than before and less time is spent with testing… But still, current generations jump on any new techie stuff without asking too many questions.

      When it touches routing, data sharing and the security/privacy of my devices/life, I’m extremely careful. Soon, you’ll realize what the CEO said about “That is not information that’s interesting to us” is that it might be to other companies they can sell your data to. What will happen to your data if this company goes bankrupt & is being sold?

      But, you’re more than welcome to go first. I won’t be joining the club anytime soon though.

      • Now if you read the beginning of that response the founder says ;

        “There is no information collected ever about where you go on the Internet or how your connection is being used. That is not information that’s interesting to us.”

        So it’s not that they can even sell your information if they wanted to as they don’t collect it. Now if the company were to be purchased by someone else who makes an auto update to collect that information, then you have something to worry about.

        • Closed Source software can be just as secure as Open Source and Open Source software can be just as insecure. One need only look to OpenSSL for an example of this. Something like 5 major vulns in a year’s time. I appreciate the transparency of Open Source software and I do check file hashes when downloading tarballs. However, I’m not going line by line through the code. Although someone eventually does. But that’s not an indication by itself that the software is more secure.

  10. About the only thing that would convince me to buy a new router is for it to be completely open source, both software and firmware, and editable by the owner. Until then I have to assume everything is backdoored, and once you build a back door, it’s going to get used by lots of people you didn’t intend.

  11. Brian, you should check out the AVG Chime and the Luma. I’m waiting for my Lumas to show up. I think they’re closer to a usable security gateway and IDS/UPS than eero for Joe Consumer. Especially if you’re a parent. At last these types of products are coming to market. And that is a very good thing.

    The Lumas are quad core, the eero and chime are dual core. SmallnetBuilder ran a recent comparison on all three.

    • Thanks for the review Brian. Michael, I’m waiting for the Lumas too. As a former corporate user of PureWire, it didn’t surprise me when they sold out to Barracuda. I expect the PureWire secure access philosophy to be in the Luma DNA. I am more than happy to have my router connected to their system – after all, I’ve used OpenDNS at home for years and trusted them with all my domain lookups and PureWire style filtering.
      Waiting isn’t easy though – I have mesh envy for all the folks who bought eero while I wait for Luma. The parental content and time controls Luma has planned also factored into my decision. I was happy to see that neither system offers WEP. Haven’t looked around to see if it’s been dropped broadly by other OEMs.

  12. Hey Brian, by coincidence I was just checking into this system. I totally get your interest in a secure router and the ability to get updates. I was also game on supporting a San Francisco company. Lots of consumers need something easy, I get that. The technology seemed state of the art. However, after my research I decided I wasn’t interested due to the devices continually phoning home. You asked him the right question regarding what info they collect on users but I am not satisfied with his answer, and he changed the subject immediately. The info going through your router is a gold mine, just imagine how much dough they could make selling that. Without a clear written policy regarding this issue I wouldn’t trust them. I wasn’t exactly relieved to see that the employees are a bunch of hipsters, you know the guys who write Android programs that upload your info. Maybe I am paranoid, but if I were you I would monitor the WAN port with Wireshark and see what’s going out. If it’s encrypted you will never know.

  13. The price for me is steep – only in regards to the Wifi side of the house, not the money involved. I have a wired infrastructure at home. The house is older, has aluminum siding, so the phones tend to have a crappier signal.

    I can put up this, especially if the pre-order price was near half of what they are asking. Some one else will come along and make something close, and the pricing wars will begin.

    Brian, maybe once you’ve had the system up for a pretty good period of time you can provide a quick review to see how well it stands up in about any unique situation, especially the security side of the house.

  14. As noted, it’s pricey. Other than the app-based access, nothing that can’t be done by the reasonably sophisticated user. Of course, reasonably sophisticated users generally aren’t the problem.

    I’m just surprised that none of the big SOHO wireless router companies haven’t shipped consumer boxes with DD-WRT or OpenWRT on them. . . . or shipped a new system with 90% of these features. . .

    • Manufacturers probably have government contracts for putting in buggy firmware so they have no capability or incentive for installing better performing, more secure firmware.

      There are some vendors like FlashRouters – https://www.flashrouters.com who do provide upgraded routers and DD-WRT warranty/support. Something no manufacturer seems inclined to provide.

  15. No IPv6? No thanks.

  16. I’m renting an AP from my ISP at the moment because I get something that would have cost me $100 to $200 for a few bucks a month. Even it can just barely cover my two-story house. But I can log into the GUI, change any password I want, tweak power output, set channels, set up firewall rules, configure it to send syslog data to a server, etc.
    I’d love WiFi that increases my range, is easy to set up, is secure, and just works.
    But this is priced way out of my range and we have to rely on the company’s word as to what it is doing under the hood.

  17. Brian, you might find it a useful followup to stick these eero devices behind a router with openwrt and mitm all the traffic to their cloud. It would be interesting to see if the claims about information collection are true as well as the update process.

  18. Nice review, Brian. I like to see innovation in this space. I think there is a large potential market for compact, good-looking, easy to use and secure routers.

    Can you say more about the security angle? Automatic updates are good. As far as the phoning home, does eero make the logs and data files available to the owner. I can’t see trusting a device unless all outgoing traffic is transparent. I realize this might not be a normal feature, but in the reality we face today it needs to become normal pronto, and any networking device released circa 2016 should be rethinking security from the ground up.

    Continuing with the security angle, what OS does it run? Did they build a new router OS clean-sheet, or is some kind of Linux or BSD deal? Linux as implemented on most such devices is extremely insecure by default. To your point about stale firmware sitting on millions of home routers, there are lots of ancient Linux kernels humming out there, with Shellshock and scores of other, worse vulnerabilities, glibc holes, etc.

    What’s the hardware like as far as the CPU or app processors? ARMx? Is their software and firmware written in C? Do they say anything about their coding practices or security audits? I’d want to see security audits of their stack. Again, I realize that this may not be common, but at this point I think we need to push hard for companies to say a lot more about their code and for independent security audits as a matter of course. For example, see John Regehr’s post on the audit that PolarSSL passed recently: http://blog.regehr.org/archives/1261

    There’s no reason to take a product seriously from a security standpoint if its software is written in C and it hasn’t passed security audits. It *will* be exploitable in such a case. Especially if it’s running crusty POSIX OSes, but even if it isn’t. The probability of it being secure given an above average group of C developers, and no security audit is basically .0000n.

  19. Personally I stitch multiple routers together via ethernet, either via powerline ethernet or just regular old Cat6 ethernet runs. PLE works surprisingly well in newer homes and older homes can be updated at the home’s primary breaker box to bridge lines so that traffic can flow across circuits. The latter can be relatively expensive or inexpensive depending on your ability to work with electrical circuits. However without that you simply need to chain them all onto the same circuit in a home, a process that isn’t necessarily complicated. N66s are going for under $100 now and 2.4Ghz-only routers are under $30, so you can stitch together a broad, secure network for a fraction of this price… and you don’t risk having your network breached after the “cloud” divulges your configuration data.

    By stitching I mean having the primary router connected to your internet service, with DHCP and other services enabled, while additional routers just get static IPs in the same network segment with DHCP, uPnP, etc. disabled. The only problem is that sometimes a device will maintain a deathgrip on a particular router no matter how weak its signal gets, but you disable/enable WiFi on that device and it will pop over to the closest router.

  20. Brian – I was kinda expecting that you would have some sort of technical assessment component to this post – but didn’t see anything like that. Did you do any form of security testing with respect to these devices? If so – how did they fare?

  21. Why is your website showing posts for March 16 when it is March 10 today? Could somebody have hacked your website?

    • The big number is the day.

      • It may seem straightforward to you since you chose and implemented it but I’ve always found it a bit odd and cumbersome. Even after knowing the way it works I still have to stare at it for a few seconds reminding myself which is the day and the year. It’s not a date format I’ve seen anywhere else and therefore doesn’t reflexively register. However to your credit I will admit to respecting that at least you bother to put a date stamp. What really drives me mad is when articles and blog posts contain no date at all and you can’t figure out the context of the time period they were written in or, worse are referring to!

  22. When I checked your website stories are being listed, according to what I am seeing, as being March 16 stories. It is March 10.

  23. Brian, thanks for the review. I got my set of eeros yesterday and will set it up next week-end to see how coverage improves. I am a big fan of autoupdates for security so I will be looking to a bit for that channel on outbound traffic.

    I am currently on a Google/TP-Link which has pretty decent coverage for my house, except in its farthest reaches. Easy to setup through their app as well.

    Before I used a Netgear AC1900 with DD-WRT even though that seemed to limit the reach of less than the standard firmware. Still the capabilities of the DD-WRT firmware in terms of VPN, etc outweighed that small loss.

  24. hi,

    What happens if they go out of business? Do you lose any capacity to configure your devices?

    Also, what happens if someone buys the expired domain name after they fail and starts messing with the updates?

    all devices that need external servers are flawed by the fact that the failure of the mother company means you can throw your equipment in the trashcan.

    regards,
    Ghislain.

  25. Thanks, Brian, for the hardware review. I think that you do an excellent job of laying out the pros and cons.

    Since you ask at the end of your review for “would you buy” feedback, I’ll say that today the cons outweigh the pros in my opinion. Personally, the big drawback of the eero system is the “black box” aspect–that we must put our trust and faith in an outside entity without knowing what’s really happening.

    The big pro of eero, however, is the involvement of Nick Weaver, who I’m aware of in other contexts, and who has done really good security work. I hope that Nick’s company continues eero firmware development and that at some point in the future eero becomes a really decent home networking choice.

    But that point has not yet occurred, in my opinion.

  26. Spencer Alessi

    This sounds like it might be a “consumer grade meraki” system. Sounds interesting to me. Price may be a barrier for the average consumer.

  27. Built for security – requires a mobile app that will probably require unnecessary permissions, and a bunch of personal data to set up. Guess how much personal data my home router requires? None.

    The security selling point is AES. That’s great and all, but I don’t think it validates buying the product. The native ability to extend is valuable, no doubt. And I always prefer to connect via wire to config. One less thing to troubleshoot if something goes wrong during setup/deployment.

  28. If someone else manages and has access to it, it isn’t secure.

  29. I’m sorry, but if I have to use a phone app to set something up then I’ve given them the keys to the kingdom already.

  30. Thanks Brian for doing this write-up! Perusing the comments it’s not surprising that other readers may look at this write-up as payola. You proved why that is not the case by disclosing that you waited like any other customer for a year. There are valid concerns about using just a smartphone app and a companies proprietary cloud to deploy wireless mesh networking. Luma, which is yet to be released, is more of a hybrid router/wireless mesh device that still uses a proprietary cloud app for deployment and configuration. I can Definitely use this technology in it’s current form for certain clients. I agree that for IT folks, granular security on the local device is our desired default but in the unforgiving space of real-world user support the ease and cloud administration is a real benefit for those clients who can absorb the security risk and get benefits from using this kind of mesh networking. The 2×2 radio config is the secret sauce imo.