WiFi Password Transfer & Storage?

beaker353 · 2016-05-19 06:58:37 UTC

Installed my Rachio controller today. Quite impressed with the build quality and clean/efficient iOS interface. However, the method of WiFi password exchange & storage has me a bit, well, concerned. I get that the Rachio iOS app automatically retrieves the WiFi password from the iOS and loads it onto the controller somehow (I’m far from happy that is even an API Apple gives developers without direct permission of the user and will be taking that up with them separately). First, how does the password actually get sent to the controller? If it doesn’t have the password to my WiFi network yet, then it can’t communicate via my WiFi network to pass the password from my iOS device to controller. Chicken and egg problem. Something else must be at play, care to elaborate on what’s actually going on? Secondly and much more importantly, are our WiFi passwords being transmitted or even worse stored on Rachio servers then? You potentially have my street address, my WiFi network name, and password stored. Seems like a potential treasure trove of information that hackers would just love to have. What is the data path of my WiFi password and if it is routed/stored through Rachio controlled servers, what is being done to insure data security?

-EM

briansusername · 2016-05-19 13:09:29 UTC

I’ve assumed that Rachio has implemented Apple’s “Wireless Accessory Configuration” protocol to do this Wi-Fi exchange. This requires being part of Apple’s MFi program for hardware accessories to iOS as well as using a particular Wi-Fi chip, vetted by Apple for security. (incidentally, the same chip that is required for HomeKit support, I believe).

I tried to look into how WAC works, but it seems the details may only be available to MFi program members. Here is a programming reference to the process:
https://developer.apple.com/library/ios/documentation/ExternalAccessory/Reference/EAWiFiUnconfiguredAccessoryBrowser_Class/index.html#//apple_ref/occ/cl/EAWiFiUnconfiguredAccessoryBrowser

Google “Wireless Accessory Configuration” for more references, though not really any more details…

beaker353 · 2016-05-19 15:10:02 UTC

The API looks like the iOS device and the Rachio controller communicate directly with each other via a ad-hoc WiFi network just setup long enough to pass the network name and password. From that point forward comminication I assume is over the normal WiFi network. Pretty slick, though I still have an issue with my iOS device not asking my approval to do this first. Considering I must individually approve every single no-Apple app that wants access to contacts, my GPS location, or my photos, the lack of user intervention here sounds dodgy at best. I would like to hear from Rachio though that my WiFi credentials never pass through their systems…

-EM

franz · 2016-05-19 16:54:59 UTC

We never have access to WiFi credentials in our systems.

obmd1 · 2016-05-20 15:15:05 UTC

This is just like any other phone linked wifi enabled hardware… Ring, Dropcam, Nest, etc… I think it was the fact that the password didn’t need to be entered that was flumoxing. I assumed it was a blinded handshake.

rachioray1230 · 2017-05-31 05:13:59 UTC

I don’t believe Rachio’s Get 2 is MFi certified. Usually those type of devices market “Made for iPhone” on the box.

And Apple’s “Wireless Accessory Configuration” would still prompt the user asking for permission to pass credentials to an accessory like HomeKit does.

I got off the phone today with a technical support rep and all she could say was that Rachio’s iOS app pulls the password from the devices Keychain. How’d it even get in there without my permission?

plainsane · 2017-07-18 05:13:46 UTC

iOS doesn’t allow an app to aces the password. That is part of the cert process, using undocumented kernel calls. I would assume the logo is not on the side of the box because of a licensing fee?