Friends don’t let friends hide SSIDs

A hidden SSID is like a speakeasy that is clearly there, but one that does not have a sign outside the establishment advertising the speakeasy. Hidden in plain sight, but discoverable. Every Wi-Fi network has a name referred to as a Service Set Identifier (SSID). This name shows up in the networks list on devices and are to distinguish Wi-Fi networks from one another in the same vicinity.

Broadcasting the SSID is like putting up a sign that says, “Potion of Connectivity”, “Ethernet of Enchantment”, “Dark LAN Arts” - an open invitation into the WizardFi speakeasy. But if one decides to “hide” the SSID, it’s like taking down the sign. Even though the Wi-Fi network is still there, the name doesn’t show up automatically on devices searching for a new Wi-Fi connection. If someone wants to join the hidden Wi-Fi network, they need to know the exact name to type in, along with the credentials.

While hiding your SSID is a way to make your Wi-Fi network less visible to nearby devices, hiding the SSID increases friction for people who are trying to find and connect on purpose. Hiding the SSID just removes the name from the advertisements.

Why hidden SSIDs are not a security feature

Imagine your Wi-Fi network is like the hidden speakeasy. You might think if you don’t tell anyone about the speakeasy or put up a sign, then nobody will know it’s there, and it’ll be safe. But if someone really wanted to find the speakeasy, they could just walk around looking, and they might find yours.

When people talk about hiding the SSID, it’s like not having a sign with the establishment name on your building. The building is clearly still there, but with an empty string for the SSID. The SSID is the name of your Wi-Fi network. You might think if nobody can see the name, they won’t be able to join or get in, but that’s not really how this works. Just like someone can still find your speakeasy by looking, there are tools that let people see all the Wi-Fi networks around, even the “hidden” ones. Once they find the network, hiding the name doesn’t keep them out. Rather, it is good security that keeps them out.

What really keeps your Wi-Fi safe is using a good lock, which in Wi-Fi terms is like using a strong password, encryption, and key management (like WPA3). Even if someone knows your Wi-Fi is there, they can’t get in and patronize your speakeasy without knowing the proper credentials.

There are also other problems introduced by hiding SSIDs on processes like roaming between access points, device setup, and even privacy concerns!

Discovery of hidden SSIDs

Technically, hidden SSIDs can be discovered through:

Active probing with the SSID name
Passive monitoring of probe requests
Performing a deauth attack and then monitoring management frames when devices re-associate.

Impact of hidden SSIDs on device setup

Virtually every device requires manual configuration steps to connect to hidden networks, which is very frustrating for the majority of users. The SSID has to be typed in as an exact match. Additionally, some devices may simply not support hidden networks. Some IoT devices don’t have provisioning that supports hidden networks.

Impact of hidden SSIDs on privacy

When devices are configured to connect to hidden Wi-Fi networks, what ends up happening is that the device will constantly broadcast probe requests containing the hidden SSID(s) whenever the device is not in the vicinity of the network.

So, if your network name, “MagicMushroomLab”, is hidden at home, and you go to the office, your network name, “MagicMushroomLab” is constantly advertised by your device to everyone! Your device is broadcasting your “secret” network name everywhere you go.

Hiding your SSID reduces privacy compared to visible networks.

Impact of hidden SSIDs on roaming

Let’s say you have a bunch of toy stores (which are like Wi-Fi access points) in a big mall, and you love visiting them to see if they have new toys. Now, imagine if some of these storefronts decided to become invisible - now they’re still there, but you can’t see what the store is as you walk by.

If you know exactly where one of these invisible stores is, you can go straight to it, confirm the store is your target by looking, and then enjoy what’s inside. But, if you’re just aimlessly walking around looking for a specific store, you’ll miss the store at first until you determine the store is, in fact, hidden. Your ability to find the store takes longer.

In a Wi-Fi network, when your device (like your tablet or phone) is moving around, the device tries to connect to the strongest signal so you can keep watching cat videos or playing video games without interruption. This is like you moving from one toy store to another in the mall, looking for the best toys. Normally, your device can see all the Wi-Fi access points (the toy stores) that are broadcasting their names (SSIDs), so the device knows where to switch to (roam to) get a better and stronger connection.

Wi-Fi roaming occurs when a device automatically switches its connection from one access point to another within the same network to maintain connectivity as the user moves around. The device monitors signal strength and other metrics in its green diamond about nearby access points. When the current connection becomes poor, the client will attempt to transition to a stronger access point without dropping the connection.

However, if some access points are hiding their SSIDs (they’re the invisible stores), your device doesn’t immediately see them as options to connect to, even if they might have the strongest signal at your current location. Your device needs to be specifically told where these hidden toy stores and access points are and actively look for them, which is like knowing exactly where the invisible toy store is in the mall. The device has to do this every time the device needs to roam. The process to find toy stores and roaming candidates takes more time and is inefficient!

Hidden SSIDs complicate the roaming process becuase clients cannot see the access points in passive scanning procedures. Hidden SSIDs force clients to actively probe for specific network names rather than passively listen for beacons. This is inefficient for roaming decisions because of the additional time it takes to discover hidden access points which can cause brief interruptions in connectivity during real time applications!

This makes it harder for your device to smoothly switch (roam) between multiple access points, like in a business, small and large offices, or across a school campus, because your device can’t quickly identify the next available connection point without constantly actively probing. Hidden SSIDs can slow down the process of switching to the best connection, causing interruptions or delays in whatever you’re doing online, especially real-time latency-sensitive applications like voice and video streaming.

Summary

While hiding SSIDs might seem like it adds security, hiding SSIDs actually makes the Wi-Fi experience a bit more complicated and less smooth, especially when moving around.

In summary, hiding SSIDs creates a false sense of security while adding more problems and creating multiple issues! Hidden SSIDs are “security” through obscurity and do not solve a real security problem. Friends don’t let friends hide their SSIDs.

↑ Top