Hidden Network Less Secure?

[StevenC]

I'm sorry if I sound like an idiot but when I was setting up the wifi on a device I was greeted by a message stating that using a hidden SSID may create a security risk. Stupid question but what kind of security risk would using a hidden network pose? Any insight would be appreciated. 

[AnonymousGuy]

I think it's there to warn people who think a hidden SSID makes them more secure when in reality it does nothing.  

[IPD]

12 minutes ago, AnonymousGuy said:

I think it's there to warn people who think a hidden SSID makes them more secure when in reality it does nothing.  

Isn't a hidden SSID just something you do so Google Street View can't record a network at your address?

[Lurick]

11 minutes ago, IPD said:

Isn't a hidden SSID just something you do so Google Street View can't record a network at your address?

No, a scan can still detect it, it doesn't literally nothing of value to make an SSID hidden.

[GhostRoadieBL]

There was a time (early days of wifi) when a lot of people thought a hidden ssid with no password was acceptable security for their network "if noone can see it it's secure" kind of idea.

This was quickly challenged and now just about any wifi scanner will pick up 'hidden' networks and just tag them as hidden while letting you attempt to connect

[brwainer]

This can create a security risk for your laptop, phone, etc when away from your network. When a device wants to connect to a hidden network, it has to send an unencrypted initial packet to the AP saying “if you are MySecretNetwork, I would like to connect”. And since your device doesn’t know where or when it should expect to connect to your network, it will send that out to every single hidden network you come across. So anyone malicious can run a program on their computer that listens for those messages then creates the SSID your device is trying to connect to. Also, on some devices this can have a measurable effect on battery life.

[StevenC]

Tyvm for the insight guys. I have a second question, are there any advantages to me keeping my SSID hidden or would I be better off not having a hidden network? 

[brwainer]

17 minutes ago, StevenC said:

Tyvm for the insight guys. I have a second question, are there any advantages to me keeping my SSID hidden or would I be better off not having a hidden network? 

Frankly from an attacker’s perspective, I’m more interested in a hidden network than a regular one. Hidden network doesn’t mean the AP stops sending beacons, it just sends beacons out that lack the SSID. And then an attacker just has to wait until a device connects and sends that initial message to learn what the SSID is.

[StevenC]

Ah, thanks again for the info. I think I will move away from using a hidden network. 

[OhioYJ]

On 2/16/2022 at 2:26 PM, StevenC said:

I'm sorry if I sound like an idiot but when I was setting up the wifi on a device I was greeted by a message stating that using a hidden SSID may create a security risk. Stupid question but what kind of security risk would using a hidden network pose? Any insight would be appreciated. 

This is a rather old TechNet article, but talks about this. Particuarly, you might look at this section, "Why Non-broadcast Networks are not a Security Feature."

 

From that article:

 

Quote

A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.

 

^I bolded sections above from the article

[wseaton]

Hidden networks aren't inherently more secure, but I prefer to keep them hidden just to reduce overhead. If I have 300 people with smart phones in the vicinity thats 300 less connections negotiating to a SSID they don't want to see anyways.

 

Labeling a SSID "hacking_test" or "bot_net_,broadcast" tends to discourage college kids from getting too curious.

 

If I'm bored I will leave some honey pots open. And Or, direct script kiddies to an obnoxious landing page or setting a traffic limit of 10bps on the bogus SSID. Lots of ways to make life annoying for wifi hackers. Just keep you sensitive networks on 2.4g with a channel spread of 40mhz or higher. Nobody with an iPhone will be able to connect anyway - lol.

 

Besides, SSID wars can be fun at home. Letting the annoying neighbor know 'yourwifeisugkly' is always helps relations.

 

 

 

 

[IPD]

13 hours ago, wseaton said:

Hidden networks aren't inherently more secure, but I prefer to keep them hidden just to reduce overhead. If I have 300 people with smart phones in the vicinity thats 300 less connections negotiating to a SSID they don't want to see anyways.

 

Labeling a SSID "hacking_test" or "bot_net_,broadcast" tends to discourage college kids from getting too curious.

 

If I'm bored I will leave some honey pots open. And Or, direct script kiddies to an obnoxious landing page or setting a traffic limit of 10bps on the bogus SSID. Lots of ways to make life annoying for wifi hackers. Just keep you sensitive networks on 2.4g with a channel spread of 40mhz or higher. Nobody with an iPhone will be able to connect anyway - lol.

 

Besides, SSID wars can be fun at home. Letting the annoying neighbor know 'yourwifeisugkly' is always helps relations.

 

 

 

 

"wifesonlyfanswebcam" would probably end up bringing MORE hackers....