Kindle 3 and WPA2

Although the original specs say that 3rd generation wireless Kindles can use WPA2, that turns out not to be true, at least in the real universe that I live in.

Back when I switched over to the new pfSense firewall/router/access point, I kind of expected that some devices on my network would have a problem. Our wireless menagerie in particular is made up of many devices whose expiration date passed long ago. Setting the access point so it only allowed 802.11g was a no-brainer from a networking efficiency standpoint. All of our devices (except a couple of unused Gameboys) could do at least wireless g. When it came to the security mode I initially chose WPA2 Personal with PSK and AES encryption. The encryption standard was dictated by the desire to allow my company iPhone on the network.

A couple of days ago I removed the Rosewill EasyN4 router that had been acting as a wireless repeater for the first floor of our house because it had been dropping or refusing connections. While not optimal, the signal from the AP on our third floor was still good enough to allow everything to continue connecting (I do plan to try replacing the existing 5 dBi antennae with a new pair of 8 dBi units in an effort to improve that).

Except for the two 3rd generation Kindles we own. Neither was able to connect to the AP, even when sitting right next to it.

After scouring the Internet for a while, I found this thread on the Amazon Kindle Forums. Now clearly the experiences related there are across a wide spectrum of different Kindle models and firmwares. Like most vendors of embedded devices made by contract manufacturers, Amazon doesn’t provide much technical information about the variations of hardware and software they ship. In that world “YMMV” is a given, and anyone who thinks differently just doesn’t understand how this stuff really works.

But taken all together, the comments on the forum were very helpful in demonstrating all the things that could go wrong with Kindle wireless connectivity and gave me a place to start with my own troubleshooting.

Surprisingly, I got lucky on the first try. Taking my cue from a comment that recommended setting the WPA mode to “Both”, allowing clients to use either WPA2 or WPA, I did just that in pfSense.

Voila! It worked.

Apparently the particular hardware and firmware I’m running (3rd generation Kindle Keyboard and regular Kindle with firmware 3.4) has issues with WPA2 security. By setting my AP to “Both”, the Kindles were able to drop down to WPA and complete their connections. While this isn’t a great result, for now it’s acceptable. These Kindles wouldn’t be very fruitful platforms for attacking my network, and the data they actually hold and exchange isn’t all that sensitive.

As I noted in my own comments on the forum, Amazon could fix this bug. But the prevailing wisdom among vendors of embedded devices is that they’re not worth updating past a year or two. This results in sourcing product from the lowest bidder of the moment, each using different physical hardware components from their predecessors. Of course the imposition of a little engineering discipline might allow the use of common firmware across the whole product line, assuming management paid the requisite attention to detail.

Still, it does seem a shame that problems like this probably cause thousands or more units to go dark over time, resulting in the loss of revenue to Amazon from those units if they could still get on the air.

But then, what do I know? I’m just one more tech.


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).