Why Doesnt OpenBeken Fall Back to AP Mode Like Tasmota Devices?

With all my Tasmota devices, whenever they lose connection for whatever reason to the WiFi network, then immediately fall back to AP mode where they broadcast their own open WiFi. This is super useful as it means if you ever change your WiFi settings or move the device to another location, you can easily regain access to it to update the stored WiFi credentials. Additionally, if the "expected" WiFi SSID reappears at any point while the device has fallen back to its AP mode, it immediately rejoins.

Is there any good reason why OpenBeken doesn't behave the same way?

There is some discussion about this in issue 1246.

The AP mode is just an open one. So if your WiFi goes down, and the device starts an open AP, everybody around could easily "hijack" your device.

I would agree this might be a good idea if the device becomes a secured AP, but this is not possible atm (though there is a first attempt for a WPA2 AP in PR#1256.)

If you really need this, you might be able to do something similar with some commands (calling the command "OpenAP" on a condition with "waitFor").

And there is always the possibility to force safe mode after 5 unsuccessful boots (restarting the device 5 times after a few seconds).

Isn't such behaviour a serious security threat? You can enable "Safe mode" in OBK by doing 5 power off/on cycles which is a bit more secure than just disabling WiFi...

p.kaczmarek2 wrote:

Isn't such behaviour a serious security threat?

Erm, not much more than being able to just find the device via a network scan and access its web interface anyway.
And presumably if security was of any concern, then:
"Web Authentication
Enabling web authentication will protect this web interface and API using basic HTTP authentication."...
Which presumably means that anyone accessing it when it reverts to Open WiFi would be presented with a password prompt before gaining access. Or does safe mode bypass the web authentication too?

p.kaczmarek2 wrote:

You can enable "Safe mode" in OBK by doing 5 power off/on cycles which is a bit more secure than just disabling WiFi...

I'll have to have a look at safe mode then. Sort of explains what was happening to my devices earlier when they appeared to have just "reset themselves" after the first reboot after initial setup and were no longer responding to buttons. Not sure why they went into safe mode if they did, because it was only one reboot and not five. What's the best way to exit safe mode if you've triggered it by mistake? Is it simply to re-enter the correct WiFi credentials, or is there another way, like just select restart from the web interface?

rickwookie wrote:

Erm, not much more than being able to just find the device via a network scan and access its web interface anyway.

I see your point, but there's quite a difference if someone who is "trusted" enough to have access to your WiFi can mess with the device or everyone around can access the device...

Added after 5 [minutes]:

rickwookie wrote:

Or does safe mode bypass the web authentication too?

No, it doesn't (even if there is a flag to do so, with the attribute "not recommended").

Added after 5 [minutes]:

rickwookie wrote:

Is it simply to re-enter the correct WiFi credentials, or is there another way, like just select restart from the web interface?

That's not necessary, safe mode won't reset the settings, it's just starting without most of the drivers and as AP instead of STA. You can then do possible changes, to fix whatever lead to safe mode and then restart in "normal mode".

rickwookie wrote:

Erm, not much more than being able to just find the device via a network scan and access its web interface anyway.

In my country we have flats with many families living (like on separate floor levels) and they can see each other WiFi networks, but no one knows the password of the neighbours.

rickwookie wrote:

Sort of explains what was happening to my devices earlier when they appeared to have just "reset themselves" after the first reboot after initial setup and were no longer responding to buttons. Not sure why they went into safe mode if they did, because it was only one reboot and not five.

If you configure something in a way that it crashes, it will try to boot 5 times and revert to safe mode on it's own. Also, if you power WiFi module from unstable power supply, or directly from 3.3V pin of some cheap USB to UART converter, it may also BOR and reboot and revert to AP.

p.kaczmarek2 wrote:

In my country we have flats with many families living (like on separate floor levels) and they can see each other WiFi networks, but no one knows the password of the neighbours.

So the web authentication is the solution then surely.

p.kaczmarek2 wrote:

If you configure something in a way that it crashes, it will try to boot 5 times and revert to safe mode on its own. Also, if you power WiFi module from unstable power supply, or directly from 3.3V pin of some cheap USB to UART converter, it may also BOR and reboot and revert to AP.

Could have been the cheap board power design in both cases. I paid £2.37 total including tax to get it shipped from China after all! One time the board was powered from an 8 V a.c. doorbell transformer, and the other time via the 5 V d.c. microUSB port direct from my old laptop.