Hello All – I am trying to figure out why my PA-II built-in wifi is still showing up even though the device is connected to our wifi and shows all good when connected.
I read in the docs that once the PA-II is connected to your wifi the built-in wifi will be turned off but I clearly still see it and can connect to it while it still connected to my wifi and when I do I can see what wifi the device is connected to.
Anyone have any insights into this and/or why the PurpleAir-XXXX network would still be showing up?
Also, the PurpleAir-**** network will disappear after it connects to WiFi with an internet connection. Is an internet connection currently available? You can test this by trying to browse the internet on a mobile device with mobile data disabled.
Hi @Ethan - Thank you for the response. Let’s see I have a opnsense hardware appliance that handles my routing.
Ahh OK so it has some kind of internet connectivity check for disabling the PurpleAir-XXXC wifi. Do you happen to know what ip/dns the purpleair device calls out to for internet connectivity validation? I can dig in my firewall and/or dns logs to see if something is blocking it. Oh I suppose I can go check those now even but having the info from you would be great as well.
Hi @Ganon thanks for tip. My device is on a different subnet than that but good thinking.
One thing I did notice while working on a a local data scraping project is that my device returns within the json which seems to make me wonder more about if the device is calling out to somewhere that I am blocking in my network. I havent dug too much into finding out what its calling out to yet.
Same situation here. My sensor is showing and updating on the map, and I also have a network PurpleAir-xxxx on my network list. I can connect to the PurpleAir network, and get the PurpleAir config screen which says “WiFi Connected Looking good!” I’m not using 192.168.4.0 subnet. My network to which the sensor is successfully connected has internet access, which is why the sensor shows on the map. (And the map shows signal strength “good”).
This is a valid point and to even extend that further what if the person connecting to device can figure out how to extract the user wifi password from the plaintext file it is being written to on the device. This could potentially be done using a directory traversal attack (Path Traversal | OWASP Foundation) against the web front end. Not sure if PurpleAir has had any security testing done.
Then said attacker would have access to your wifi network. Which is also why I have all my IoT devices on a VLAN restricted to only Internet vs any Intranet access and trackers blocked as well as monitoring in place.
I have a site that may not have internet connectivity all the time, but I can’t have these devices broadcasting an open wifi network. As mentioned elsewhere, this is a security concern; the device could be reconfigured by anyone who connects it, or in the worst case a security hole might reveal the wifi password.
To clarify, the desired behavior is that the device does not broadcast an open wifi network after the device is registered, regardless of its wifi connection state or internet connectivity state.
In the case that a device reset is needed, it’s easy enough to create a password-protected “PurpleAir” hotspot that the device will connect to on boot, for reconfiguration.
I had this issue (192.168.4.x subnet) using an eero router. In case it’s helpful to others, I resolved the issue by adding the sensor to my eero’s guest network, which caused the device to be in a different subnet.
I have the same problem. No matter how many bars are shown on the map for my device connectivity, the sensor is still broadcasting its own network. I am wondering if PurpleAir is even monitoring this community as they are clearly not addressing their customer concerns. No password on the sensor, broadcasting for anyone to hijack the sensor … what other security issues have you hidden in the sensors? Hello PurpleAir, we are providing the data for your advertising map; we are providing the power and the network! How about you start fixing the things that might force us otherwise to take the sensor of the map?