D-Link’s NZ$600 Covr attempts to help home users fill Wi-Fi blackspots. I say attempts because the results are hit and miss. Most of the time it misses.

The kit first arrived at Castle Bennett in May. I tried and failed to make it work at the time. This week I tried it again and got it to work. Yet, as we shall see, it disappointed.

In the last few days I’ve been busy revisiting and retesting all the routers and related kit that I have to hand.

Chorus installed my fibre this week. I’ve a gigabit line. So for the first time Wi-Fi is my speed bottle neck. There’s a slew of products which, on paper, promise Wi-Fi speeds greater than 1 Gbps. None of them come close.

More about that in another post. Let’s get back to Covr.

During testing it worked as expected for a fleeting moment. The system was unable to create a stable network for more than 20 minutes at a time. When it did manage to work, the performance was erratic and poor.

Covr is an unwelcome reminder of the bad old days of home networking.

If you were there you’ll know what I mean. In those days a new piece of software could make a network grind to a halt. At times it felt like a sneeze could put a home network out of action for hours.

D-Link Cover home wireless mesh network nodes

Mesh network

D-Link’s Covr is an example of something known as a mesh network. This is a way of spreading Wi-Fi signals over a larger area than a single wireless router might cover. In effect you have three connected wireless routers, but to the user they look and act like a single router.

Mesh networks are common in offices, campuses and large buildings.

You might want a mesh network if you have a large home or the house is laid out in a way that means the Wi-Fi isn’t strong enough in places where you want it. Say you’ve had fibre installed next to your TV at one end of the house and a kid’s bedroom at the other end gets a poor Wi-Fi signal.

There are other consumer mesh network products on the market. Most seem to suffer from similar flaws. This suggests to me this is because the technology isn’t quite ready for everyday users.

If Apple hadn’t lost interest in home networking, mesh technology would be ripe for that company’s attention. Apple has a knack for packaging unpolished technologies in a consumer friendly ready-to-use format.

Not so simple

In the Covr box are three wireless access points. One is the main unit. D-link calls them nodes.

Each node has a power supply. And that means it needs a power socket. The power cables are about a metre long, so you’re restricted to putting nodes near power outlets. There is a rival home network technology that uses power outlets. You might want to consider that instead of Covr.

The box also holds a single Ethernet cable and, for the aesthetically minded, alternative colour fascia plates for the access points. Presumably this is to make sure your nodes don’t clash with the curtains. I find this silly because even if you change the cover the nodes still stand out.

There’s also a sheet of paper optimistically labelled Simple Setup Guide. You can work through this, or you can download an iOS or Android app that walks you through the process.

As we shall see, the app didn’t work for me. Which meant I had to return to the paper instructions.

Covr app

The app tells you to connect the main node to a power supply and to turn off your modem. You then connect the access point to the modem with the Ethernet cable and switch everything on. Once everything is running, you are then asked to log into the Covr wireless router from your phone.

In my case this simply did not happen. The iPhone could find the router, but it couldn’t log on. Nor could my small iPad Pro or my other iPad Pro. I then tried to do this all over again with an Android phone. Once more, there was nothing. Four attempts with four devices didn’t work. Not a sausage.

When I first tried Covr I gave up in frustration at this point. This time around I attempted to manually log-in to the router from a desktop Mac. It worked. I managed to get into the web-based control panel.

Part of the panel shows a map of the network. If one of the connections, and this includes the connection from the main node to the internet, is broken it shows up in red. At this point things appeared to be running fine. The next task is to configure the secondary nodes.

Secondary nodes

In some ways configuring secondary nodes is clever. As already mentioned, you have to find an extra power socket to do this. Given the master node needs to connect to a modem which needs to connect to the fibre ONT and all three need a power supply, you need four power points to configure Covr. I had to use a distribution board. There are other cables here, so it is a rats’ nest.

Once you have power, you then connect the secondary node to the main one using the Ethernet cable. After a few minutes the light changes colour. When it turns white, you’re configured.

At this point you can unplug, move the secondary node to a Wi-Fi blackspot and connect it by wireless back to the mothership. The light flashes orange then glows white when you can connect. You may need to move it about for a while until it turns white. Let’s hope all your Wi-Fi blackspots are in easy reach of a power socket.

A working wireless mesh?

At this point I had a working wireless mesh. Well almost. None of the mobile devices would connect. But I did have strong signals around the house and all the PCs in the house were able to connect.

After about 20 minutes of a working mesh network, the main Covr node lost its internet connection. I should point out that nothing had moved, there were no external events, no visible triggers.

Next the secondary nodes dropped off the mesh network. I spent an hour troubleshooting, but nothing I did changed things.

Eventually I decided to reboot everything and start once more from scratch. It took about an hour to get back to the same point with a working mesh. About an hour later it all fell apart again.

This was the pattern all day. Actually I’m not sure about that. I gave up the third time the network collapse. Life is too short. In the end I packed the Covr bits and pieces back in the box. It’s not for me.

Performance issues

During the brief interludes while things were humming, I tested the internet connection speed from the iMac. It was getting around 150 mbps up and down. This is less than half the usual connection speed through the main UFB modem and wireless router. Typically the iMac ‘sees’ 350 to 420 mbps. So the price of filling in Wi-Fi blackspot is a much slower connection.

It turns out poor performance is by design. Mesh networks in offices and factories have a separate channel to manage traffic between nodes. Covr uses the same Wi-Fi bandwidth that connects devices to the access points. In other words it shares the connection with your devices. This explains why we only saw half the usual connection speed.

I can’t recommend D-link’s Covr. It seems half-finished. There was a firmware update that I installed before testing, so the software is up-to-date.

Of course, you might have a different experience. The fact that none of the devices, other than the computer, would connect is a deal-breaker. For me the slow network speed is also a problem. I’d prefer to spend the NZ$600 asking price on a better quality wireless router and learn to live with any Wi-Fi black spots.

Ben Kepes writes about an infosec panic:

Bitglass, a company that is all about protecting organizational data, wanted to see the impacts of widespread use of public wi-fi, alongside the use of unsanctioned file sharing solutions…

…Bitglass’ threat research team tested two real-world scenarios—public wi-fi use and sharing of data from within a cloud app. The assumption being that the combination of public (and, one assumes, at-risk) wi-fi and cloud file sharing apps (shock, horror, cue the “cloud is risky” FUD) would deliver a double blow of cataclysmic risk.

Source: Public WiFi plus cloud file sharing: A recipe for InfoSec panic? « The Diversity Blog 

Kepes goes on to talk about his experience of using public wi-fi. He says he uses it a lot and never runs into trouble.

That makes sense. But it misses something. Kepes is motivated. He owns a business. He has enough experience, knowledge and sense to steer clear of obvious traps.

You, I and Kepes might be sensible. You can’t assume everyone using an enterprise computing app on a mobile device will be as careful or as savvy.

No amount of training or awareness programmes changes that.

Risky, not too risky

Organisations are at risk from careless use of public wi-fi. As Kepes points out the level of risk might not be high.

There is a simple way to deal with the risk. Build VPN functionality into every heavy-duty mobile enterprise app. That way that users have a secure, encrypted end-to-end link from their mobile device to the server handling their data.

VPNs are not expensive, they are not hard to build. They don’t impose much of a performance overhead.

Enterprise software companies can absorb the cost, a few cents per month, into their pricing model. It makes sense to guarantee security with an insurance policy against data being hijacked between a mobile device and the server.

Kepes’ point, is spreading fear, uncertainty and doubt undermines cloud computing. In general, cloud is more secure than older computing models. You might not expect cloud infrastructure vendors to address mobile access risks; it should be a priority for an enterprise SaaS business.

Symantec Norton wi-fi protectionTwo-out-of-three New Zealanders think their personal data is safe when they use public wi-fi hotspots. Roughly the same number use hotspots regardless of the consequences. Hardly any users know if they are transmitting data safely when using public wi-fi.

These are Key findings in Symantec’s 2017 Wi-fi Risk Survey.

Wi-fi is popular. Symantec found half of all New Zealanders ask for a wi-fi password when at locations such as a friends house, hotel or café. Almost a third ask for that password within minutes of arriving.

Wi-fi reality

Symantec territory manager Mark Gorrie says the attitudes are out of touch with reality. He says: “People often put their personal information at risk”. You don’t have to look far for examples. Gorrie says 84 percent of people will use public wi-fi to check their bank details online.

Gorrie says sites masquerading as legitimate hotspots often set up to lure users and collect private information. It’s not always known what they do with the information. Not every data collector has a criminal intent.

One of the strangest findings is that many users think they can tell if the apps they use are secure when transmitting data on wi-fi. Gorrie points out that even security experts have no way of knowing this. You need sophisticated tools to monitor traffic to check this.

Virtual private networks

Symantec’s angle on this is that the company sells virtual private network software that can make wi-fi more secure. I’ve been using it for the last year, including on a trip to China and have the latest version for testing at the moment. More about that later.

Gorrie says he recommends this for anyone who may use sensitive information over a wi-fi connection. He says users who don’t want to go that far should just be more careful about the information they share on public hotspots. He says you should make sure you don’t set your devices to auto-connect when they find an unknown hotspot.

It’s good advice. It is safer to use mobile internet on the cellular network when in risky places. It’s much harder for criminals to set up a fake cell tower than a fake wi-fi hotspot.

Rolleston Canterbury New Zealand fibre

For most of us wi-fi is the wireless technology that moves data around the house. Or it might the service you log-on to in a cafe, airport lounge or local hotspot.

D-Link and Microsoft have a plan to use wi-fi as a way of connecting remote areas in poor countries to the Internet.

It’s not the wi-fi you know and love. The two are talking about a standard called 802.11af. You may see it described as “an air interface for white space frequencies”.

In the USA that means snippets of spectrum between 54 MHz and 698 MHz. Europe and the UK use a more modest selection of frequencies between 490 and 790 MHz. Much of this spectrum is already used in New Zealand by 4G cellular networks.

Super Wi-Fi potential

In theory the channels in these frequency bands can each take a few dozen Mbps. Engineers say they can bond the channels together to deliver a total bandwidth of more than 500 Mbps. Again, that’s theory.

Like all wireless bandwidth, it has to be shared between all the users, but bandwidth isn’t the most important aspect of the technology and the chosen spectrum band. Radio signals at these low frequencies can travel long distances. Engineers designed the  802.11af standard for signals to travel up to 1km from a single access point.

In other words, Super Wi-Fi isn’t going to compete with fibre or 4G cellular except, perhaps, on cost.

While 802.11af is designed as a point-to-point service, D-Link and Microsoft are keen to talk about operating mesh networks in places where there is no existing internet infrastructure. They say these will be used for voice phone calls as well as data, but these days there’s no real distinction between the two.

No doubt some small-scale rural broadband providers in New Zealand are checking the 802.11af specification as you read this. Perhaps it could be useful in more extreme remote locations. However, there’s a lot of work still to do. The af standard is still a work in progress.