How eero keeps your network safe and sound
We continue to add devices to our WiFi networks to make our homes smarter, more efficient, and better connected. As a result, lots of important data — everything from credit card numbers to family photos and videos — flows through our networks. Despite increasing potential vulnerability, WiFi security technology has evolved slowly, if at all.
Router manufacturers, both large and small, trade speed-to-market for quality — simply repackaging out-of-date software that has known security, reliability, and performance issues. Adding insult to injury, most consumer-grade routers lack any way of automatically updating. Even when updates are available, few manufacturers make them known to consumers, so these updates rarely make it onto devices. Plus, consumers often keep routers far past their “end of life,” which is the point at which a manufacturer no longer issues software updates.
There’s also very little easy to understand network security information available to consumers. Most people install their routers, connect to the internet, and only think about them when things go wrong (i.e., the dreaded unplug-and-replug). It’s rare for customers to use network settings in a way that protects their networks — and all of the information on them — from malicious activity. One common example: most routers turn UPnP (Universal Plug-and-Play) on by default. UPnP is a protocol that opens firewall ports from the inside out to make connecting certain services, such as multi-player games or media servers, super easy. Unfortunately, UPnP is a standard that’s poorly implemented by many products that have no means to analyze UPnP port requests, and it notoriously puts home networks at risk.
Security for the modern home
Back in March, Brian Krebs, a computer security expert and reporter, did an interview with Nick, our CEO, and also a security-focused product review. But we wanted to go into a bit more detail.
Whether you live in a cramped studio or Versailles, the eero app helps get your network up and running in minutes. By handling the bulk of configuration on the backend, eero eliminates the risk of setting up your network incorrectly and inadvertently opening it to an attacker. eero does, of course, support advanced settings like UPnP and port forwarding, but it’s up to you to decide whether or not you’re comfortable bypassing eero’s firewall and establishing an open connection to the internet.
eero automatically checks the cloud for security updates and applies them when they’re available. This means your network will always have the latest software, and if we discover any vulnerabilities, we’re able to quickly debug the issue and deploy a fix to all eero customers instantly. To date, we’ve released nearly a software update a week — these have included various new features as well as performance and reliability improvements.
In 2016, welcoming guests into our homes means offering them the WiFi password as soon as they walk through the door. The eero app allows you to grant visitors access to a completely secure, fully isolated guest network with just a few taps. You can easily generate a different guest network with its own secure password to share with visitors while keeping your even more complex and secure home network password private. This helps ensure there are no loopholes for attackers to exploit in order to infiltrate your network via guest devices.
eeroOS — the foundation of eero’s home WiFi system
When we started developing the eero WiFi system, we quickly realized that the widely-adopted approach of using pre-packaged software didn’t meet our standards for quality, flexibility, or security. Instead, we decided to build our own operating system (eero OS) from scratch, which gives our engineering team freedom to customize pieces to our liking and incorporate fixes that happen in the open-sourced community. Some examples of components we diligently maintain include the Linux kernel and OpenSSL.
eero cloud — our distributed service layer
While eeros have significant local computing power onboard, we knew that highly scalable, cloud-based infrastructure would allow us to have practically unbounded storage, memory, and horsepower. The eero cloud lives in highly available data centers with multiple points of redundancy. To ensure the connections between eeros and the cloud are completely secure, we useTransport Layer Security (TLS), an industry standard security protocol, and eero only uses WPA2 network security, the most secure standard currentlyavailable. The eero cloud is supported by a team of engineers with broad industry experience from companies like Apple, Microsoft, Twitter, Google, and Salesforce — you can think of it as a remote network engineer working to ensure your network is properly configured and safe at all times.
eeros check in with the cloud about every 10 seconds. Access to this real-time data allows us to continually improve all eero networks and do really interesting things like see regional internet outages, track bugs impacting specific network configurations, and build even better tools and features over time. For example, if a specific type of device regularly causes issues, we’re able to monitor this across all eero networks and alert users with that device. As has always been the case, we don’t track the websites you visit or collect data on the content of your network traffic.
Experts in security
We’re happy to walk you through configuring advanced features to properly set up your system for the way you and your family use the internet. We have a team of experts in Austin who are available (almost) around the clock to help ensure you’re utilizing your eero system to its full potential. We’re even happy to walk you through a complete security audit to make sure every part of your network is secure.
We’ll continue to be open about how we think about security — how eero safeguards your home and how we keep your private information truly private.
If you’d like to report a potential vulnerability, contact us at email@example.com.