Is this based entirely on the SSID? In other words, could I force other people's phones to connect to my router by just changing the name of my Wifi network?
That seems like an obvious security vulnerability.
The SSID is the key. There is no other security as far as I understand it - you can test this by changing routers and naming the SSID and password the same. Devices will join this new network no questions asked.
> There is no other security as far as I understand it - you can test this by changing routers and naming the SSID and password the same. Devices will join this new network no questions asked.
AIUI this is a feature, not a bug. It allows devices to switch between different access points automatically.
For example, a large school will need to use many different access points in order to cover the entire building. Students will not want to manually switch between all of these access points, so the school gives each one an identical SSID and password. Devices will then switch automatically as needed.
I read this as cellular providers offloading traffic from their networks by making it so phones will piggyback on Wi-Fi networks. Maybe a symptom of increasing demand for more data but unwillingness to eat the cost or too many users. With Wi-Fi calling they’ve got that covered.
Hardly exotic these days. I have multiple APs at home, all sharing the same SSID with automatic handoff. Practically every ASUS router (at least) can do it, and it's only a few clicks to set up.
Every 802.12-compliant AP can do it. They can even be of different brands, since it’s just the Wi-Fi equivalent of plugging your computer into a different switch on the same (switched) subnet.
The Asus stuff is a bit fancier than that, and will do stuff like optimize which AP each device connects to via signal strength. It's true mesh networking.
> optimize which AP each device connects to via signal strength
That's how most 802.11 STAs (clients) make a standalone roaming/handoff decision. But if the vendor supports it (and the APs can cooperate towards providing it, such as yours, probably), there's also 802.11v, which allows the APs/network to make the roaming decision based on their respective load, view of the client's signal strength (and not only the client's view of theirs) etc. It's nothing unique to Asus, though.
> It's true mesh networking.
Mesh networking is something else yet, as it concerns how the backing network of the APs is created and managed. You can have 802.11v with Ethernet-connected APs, or plain client-side roaming with meshed APs.
That is how pre-shared key (PSK) WiFi works, but it's not how WiFi that uses strong authentication (e.g. WPA2 Enterprise) works.
There may be bugs/vulnerabilities in the stronger authentication, of course.
Using PSK for untrusted clients is a bad practice, because everyone who knows the PSK can decrypt all of the wireless traffic even without setting up a malicious AP with the same SSID. If a phone carrier were forcing devices onto PSK networks, it would be an even bigger problem than the one discussed here.
Basically, this is a HUGE argument with several simple solutions, but it does BEG to be resolved promptly before the vulnerability (and the WTF) threshold goes through the roof...