It seems obvious: I should hide my WiFi SSID from being broadcast. After all, if it’s not listed, then nobody knows it exists, or it will at least slow them down—you would think.
But if you’re hiding your SSID as a means of protecting your network, you’ll actually find that you are making matters worse.
“Security through obscurity”
The phrase is repeated often in the IT world, and generally with a negative connotation. It refers to the concealment of loopholes/vulnerabilities of an application or system as a means of defending it.
The issue here is that hiding your SSID does not protect you any more than if it were broadcasting. Your network password is still your network password, and the encryption (WPA) is no different.
Here’s the thing: If a hacker wants to find nearby networks, hidden or not, all they have to do is run a single command or utility to list all of them, including your nameless network. The only thing that hiding your SSID accomplishes is creating another obstacle for welcome guests wishing to connect, or sometimes even for yourself when you have to set up your devices.
Devices will broadcast your SSID
Devices previously connected to your hidden SSID will send out pings (802.11 probe requests) when trying to re-connect, and those pings leak what the SSID is anyway — something that a hacker can sniff out.
Client device: Are you here, Access Point?
Hacker captures the request, jots down “Access Point”
Access Point: I am here, you can join.
Client Device joins Access Point
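What that exchange looks like at the frame level, as an added example that is not part of the original article: a hidden access point sends its beacon with an empty or NUL-filled SSID element, while the client's probe request carries the name in cleartext. The MAC addresses, the network name `HomeNet5` and the helper names are constructed for illustration; the code only parses sample bytes built inline.

```python
# Added example: parses constructed 802.11 management frames (no capture code).
HEADER_LEN = 24  # frame control, duration, three addresses, sequence control
# subtype -> (frame kind, bytes of fixed fields before the tagged elements)
MGMT = {8: ("beacon", 12), 5: ("probe-response", 12), 4: ("probe-request", 0)}

def parse_ssid(frame: bytes):
    """Return (kind, ssid); ssid is None when the SSID element is empty or all NULs."""
    if len(frame) < HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in MGMT:
        raise ValueError("not a beacon or probe frame")
    kind, fixed = MGMT[subtype]
    pos = HEADER_LEN + fixed
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + elem_len]
        if len(value) < elem_len:
            raise ValueError("truncated element")
        if elem_id == 0:  # SSID element
            hidden = elem_len == 0 or not value.strip(b"\x00")
            return kind, None if hidden else value.decode("utf-8", "replace")
        pos += 2 + elem_len
    return kind, None

def names_exposed_by_clients(frames):
    """SSIDs that appear in client probe requests but in no AP beacon/response."""
    advertised, probed = set(), set()
    for frame in frames:
        kind, ssid = parse_ssid(frame)
        if ssid is not None:
            (probed if kind == "probe-request" else advertised).add(ssid)
    return probed - advertised

def build(subtype, dst, src, bssid, ssid: bytes) -> bytes:
    """Construct a minimal sample frame: header, fixed fields, SSID, one rate."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return header + b"\x00" * MGMT[subtype][1] + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

# Constructed sample data: locally administered MACs and a made-up network name.
AP, CLIENT, BCAST = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02"), b"\xff" * 6
HIDDEN_BEACON = build(8, BCAST, AP, AP, b"")               # zero-length SSID
HIDDEN_BEACON_NULS = build(8, BCAST, AP, AP, b"\x00" * 8)   # NUL-padded SSID
CLIENT_PROBE = build(4, BCAST, CLIENT, BCAST, b"HomeNet5")  # client asks by name

if __name__ == "__main__":
    for f in (HIDDEN_BEACON, HIDDEN_BEACON_NULS, CLIENT_PROBE):
        print(parse_ssid(f))
    print(names_exposed_by_clients([HIDDEN_BEACON, HIDDEN_BEACON_NULS, CLIENT_PROBE]))
```

The access point's frames yield no name, yet the set returned by `names_exposed_by_clients` contains it, because the client supplied it.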
Rogue access points
Your hidden SSID paints a bigger target on your back, because your devices keep asking for it by name and a hacker can set up what is known as a “rogue hotspot” to lure in those unsuspecting devices.
With a rogue hotspot, a hacker can emulate your SSID and can intercept connections to your network. Once a client is connected to the hacker’s SSID, its traffic is exposed and can be dissected through the use of key-loggers, fake intranets, and holes found in the client’s firewall.
Client Device: Are you here, Access Point?
(Rogue) Access Point: I am here, come on in!
Client Device joins (Rogue) Access Point
Hacker begins to sniff web traffic
Access Point: Hello? I am here, but you’re not responding?
A suitable analogy for the situation
Think of it this way: If you scraped your street number off the mailbox of your house, your house is still there, and someone willing to do just a short amount of research can figure out what number it is and try their lock-pick on the front door. Even worse, they could move next door and put your house number on their mailbox and pretend they’re you!
Remember: Your network is like a second home, and you should do what you reasonably can to prevent intruders.
Right ways to secure your network
- Set a more complex password on home networks
- Use WPA2, or better yet WPA3 (if supported)
- Ensure your router firewall is active
  - Minimal or no ports opened
- Keep your router / network hardware firmware up to date
- Consider disabling UPnP
  - Poorly designed hardware can be manipulated into being used as a botnet proxy
- If your router supports it, separate your Internet of Things devices such as cameras, smart appliances and smart switches onto their own network
  - These are often targeted in attacks due to security exploits, especially ones from lesser-known companies
- Set up a password-protected guest network for visitors to use
- Do not broadcast an unprotected network with a captive portal as a means of security; better yet, reconsider using a captive portal altogether
  - They can be bypassed with methods such as DNS tunneling
  - Captive portals are a nuisance for end-user clients
  - Captive portals can make users less safe; improperly configured, they can cause SSL errors when intercepting network traffic, encouraging end users into the bad habit of clicking “Allow anyways”