Should I unplug my Kuna? Or can it be secured?

JDJ

n3wb
Joined
Oct 19, 2018
Messages
25
Reaction score
15
Location
Oregon
I installed a Kuna exterior light before I knew anything about network security. Kuna is like Ring, allowing you to watch live video through your phone, serving as an intercom, etc. To set it up, you provide access to your Wi-Fi network, and it takes it from there.

It's features are great, and it boosts the Wife Approval Factor (WAF) as a serious bonus. But if it can't be secured, I will disconnect it and go back to screaming, "Who's there?" every time the doorbell rings until I find a safer alternative. I'd rather have my network buttoned down.

I searched the forum, and the Internet at large, but nothing jumped out at me in terms of some big specific risks. Generally speaking, once I've made a long, thorough search, the moment I confess my failure to find my objective numerous people show me how they instantly got endless results. I call this JDJ's Law of Information Technology #47.

That being said, there's usually a lot of valuable additional information in the replies on this forum that add to my general knowledge, so there's that.

So, is there a way to secure Kuna, or should I unplug it from Wi-Fi?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
31,433
Reaction score
10,352
I installed a Kuna exterior light before I knew anything about network security. Kuna is like Ring, allowing you to watch live video through your phone, serving as an intercom, etc. To set it up, you provide access to your Wi-Fi network, and it takes it from there.

It's features are great, and it boosts the Wife Approval Factor (WAF) as a serious bonus. But if it can't be secured, I will disconnect it and go back to screaming, "Who's there?" every time the doorbell rings until I find a safer alternative. I'd rather have my network buttoned down.

I searched the forum, and the Internet at large, but nothing jumped out at me in terms of some big specific risks. Generally speaking, once I've made a long, thorough search, the moment I confess my failure to find my objective numerous people show me how they instantly got endless results. I call this JDJ's Law of Information Technology #47.

That being said, there's usually a lot of valuable additional information in the replies on this forum that add to my general knowledge, so there's that.

So, is there a way to secure Kuna, or should I unplug it from Wi-Fi?
Simply Connect it to your guest Network.
 

JDJ

n3wb
Joined
Oct 19, 2018
Messages
25
Reaction score
15
Location
Oregon
Thank you fenderman, I got the guest network to show up as a selection for the Kuna, and it completes the connection process and gives me a Kuna "success" message.

But then Kuna throws a "Wi-Fi error/Camera offline" message.

My Linksys WRT 1200AC router documentation revealed this interesting clue:
NOTE: The Guest will appear unsecured in the list of available wireless networks. However, guests are always required to enter the guest access password once they open a web browser.

Since it requires the password to be entered with opening a browser, I'm guessing that the Kuna hits that password request (which is invisible to me) and that stops everything.

Is this possibly a limiting feature of the Linksys router itself, asking for a password only when a guest opens a browser?

If I need to buy one of those sweet ASUS routers that folks around here talk about, I would not mind at all. But if there is a way to solve this on my current Linksys router I'd do that in the meantime.

Thank you.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
31,433
Reaction score
10,352
Thank you fenderman, I got the guest network to show up as a selection for the Kuna, and it completes the connection process and gives me a Kuna "success" message.

But then Kuna throws a "Wi-Fi error/Camera offline" message.

My Linksys WRT 1200AC router documentation revealed this interesting clue:
NOTE: The Guest will appear unsecured in the list of available wireless networks. However, guests are always required to enter the guest access password once they open a web browser.

Since it requires the password to be entered with opening a browser, I'm guessing that the Kuna hits that password request (which is invisible to me) and that stops everything.

Is this possibly a limiting feature of the Linksys router itself, asking for a password only when a guest opens a browser?

If I need to buy one of those sweet ASUS routers that folks around here talk about, I would not mind at all. But if there is a way to solve this on my current Linksys router I'd do that in the meantime.

Thank you.
I am not familiar with the Linksys but I can't imagine that it doesn't allow U2 disable the password page request... Do some Googling...
 
  • Like
Reactions: JDJ

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,064
Reaction score
672
I googled a bit around as your question intruiged me: ASUS for example does have multiple (encrypted) guest wifi channels available, to even provide separated IoT "vlan"-alike networks, for these cams, google homes, rings etc. So I checked for this linksys, and indeed:
11. My device does not have a built-in web browser. How do I connect to the Internet when I am on the Guest network?

Since a web browser is required for the Guest network, your device would have to connect to the main wireless network to access the Internet.
So bottom-line: middlefinger and off you go.

What are your options? Either you put a "simple" access point behind your Linksys, and make a "guest"wifi yourself, including WPA2 and other giggles. However, by chaining it underneath your Linksys, this Ring thing still has access to all your other LAN devices. Which is, in my paranoid state of mind, a no go. So having a second router next to your linksys might be a better solution, but then you need to switch wifi from the linksys to that other one to view the cam feed. OR, open a VPN tunnel towards the Ring. But then you are building up an immense difficult networking setup, tons of cables, tons of setups, and in the end, a nightmare to maintain. Depending on how far your leash goes with the wife, you can have a look in "doing it on your own", by doublechecking whether (or not) dd-wrt runs on your linksys - they might have a solution on guest wifi's for you. Or, you go to some "profession" range of networking gear (eg like Edgerouters), then you're up for some great adventure with vlans, firewalls, routing tables and all these fun things.

Hope this helps!
CC
 
  • Like
Reactions: JDJ

JDJ

n3wb
Joined
Oct 19, 2018
Messages
25
Reaction score
15
Location
Oregon
I googled a bit around as your question intruiged me: ASUS for example does have multiple (encrypted) guest wifi channels available, to even provide separated IoT "vlan"-alike networks, for these cams, google homes, rings etc. So I checked for this linksys, and indeed:


So bottom-line: middlefinger and off you go.

What are your options? Either you put a "simple" access point behind your Linksys, and make a "guest"wifi yourself, including WPA2 and other giggles. However, by chaining it underneath your Linksys, this Ring thing still has access to all your other LAN devices. Which is, in my paranoid state of mind, a no go. So having a second router next to your linksys might be a better solution, but then you need to switch wifi from the linksys to that other one to view the cam feed. OR, open a VPN tunnel towards the Ring. But then you are building up an immense difficult networking setup, tons of cables, tons of setups, and in the end, a nightmare to maintain. Depending on how far your leash goes with the wife, you can have a look in "doing it on your own", by doublechecking whether (or not) dd-wrt runs on your linksys - they might have a solution on guest wifi's for you. Or, you go to some "profession" range of networking gear (eg like Edgerouters), then you're up for some great adventure with vlans, firewalls, routing tables and all these fun things.

Hope this helps!
CC
Thank you very much, that helps a lot.

It looks like I can't run the Kuna securely on my current Linksys router, and my Linksys is generally lacking additional security features which are built into ASUS routers.

So I'm planning to buy a router that people on the forum have talked about, the ASUS RT-AC68U which will hopefully be on a Black Friday sale.

If the ASUS permits me to secure the Kuna on a guest network, great. If not, well, like you say, middle finger to the Kuna until I can secure it. There's no way I'm compromising security after what I've learned recently. At least I'll still have a nice looking porch light.

I am also planning to eventually do the advanced stuff with vlans, firewalls, routing tables etc., but I have some distance to climb up that learning curve, so the ASUS router should serve me well until I get there.

I appreciate your comment.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,064
Reaction score
672
With pleasure!

I also started couple of years ago with an Asus RT87U, provided all what I needed back then, guest wifi, torrenting (ay ay), USB file sharing and more importantly OpenVPN. Make sure you read in what RMerlin is, and which benefits its carrying with it. (Un)fortunately, this RT87U (with dual networking chipsets) is able to handle vlans, but some ports carry dual chipset signatures, which makes them, in the end, unusable for hardcore networking tricks.

Since last year, I did a huge (lol) investment of 56$ and bought an Ubiquity ER-X. Internet dives in on eth0, eth1 is vlan output for IPC/NVR, eth2 is for a fully separated (guest) wifi, and on eth3, there's the good ol' ASUS connected, which still holds my core LAN components like NAS, home theater & media hubs. The ER-X handles the vlans, but also intranet routing & firewalling (eg. I can dive in from VPN into IPC - but not all devices can). And with Ubiquity, you can go skyhigh with smartswitches, antenna's and even long-range devices. All toys for boys :D Worth the whopping 56$.

Hope this helps!
CC
 
  • Like
Reactions: JDJ

JDJ

n3wb
Joined
Oct 19, 2018
Messages
25
Reaction score
15
Location
Oregon
With pleasure!

I also started couple of years ago with an Asus RT87U, provided all what I needed back then, guest wifi, torrenting (ay ay), USB file sharing and more importantly OpenVPN. Make sure you read in what RMerlin is, and which benefits its carrying with it. (Un)fortunately, this RT87U (with dual networking chipsets) is able to handle vlans, but some ports carry dual chipset signatures, which makes them, in the end, unusable for hardcore networking tricks.

Since last year, I did a huge (lol) investment of 56$ and bought an Ubiquity ER-X. Internet dives in on eth0, eth1 is vlan output for IPC/NVR, eth2 is for a fully separated (guest) wifi, and on eth3, there's the good ol' ASUS connected, which still holds my core LAN components like NAS, home theater & media hubs. The ER-X handles the vlans, but also intranet routing & firewalling (eg. I can dive in from VPN into IPC - but not all devices can). And with Ubiquity, you can go skyhigh with smartswitches, antenna's and even long-range devices. All toys for boys :D Worth the whopping 56$.

Hope this helps!
CC
Success!

I got my new ASUS RT-AC68U router installed and I was able to connect the Kuna to the encrypted guest network.

I'm glad to have this running again, this time securely, and appreciate the help.
 
Top