35

According to something I spotted something in a set of directions for connecting to a hidden wireless network from windows 8 found here (located under Step 1 > "Troubleshoot connection problems" > "How do I connect to a hidden wireless network?"):

A hidden wireless network is a wireless network that isn't broadcasting its network ID (SSID). Typically, wireless networks broadcast their name, and your PC “listens” for the name of the network that it wants to connect to. Because a hidden network doesn’t broadcast, your PC can't find it, so the network has to find your PC. For this to happen, your PC must broadcast both the name of the network it's looking for and its own name. In this situation, other PCs “listening” for networks will know the name of your PC as well as the network you’re connected to, which increases the risk of your PC being attacked. (emphasis added)

I had always believed that hidden wireless networks were actually safer than normal ones, because only those who already know of the network are able to connect to it, so an attacker wouldn't be able to connect to it to listen to your traffic.

Are hidden networks actually more risky, as the paragraph says, and if so, what measures can be taken to help mitigate the risk?

Also, I know that there are some countries where publicly broadcasting home networks are actually illegal, and hidden networks are the only option for wireless. If broadcasting networks are safer, why are they illegal in some places?

AJMansfield
  • 520
  • 1
  • 5
  • 12
  • 8
    Only peripherally related to the question, but one major reason for hiding certain SSIDs isn't related to security at all, but rather user convenience. For example, if you have a workplace where there is an internal network for employees and a publicly available guest network, there is little need for the internal network to be visible to everyone. By hiding that one, you make life easier on those who wish to use the guest network, since there is one less network to choose from. I run a setup like that at home even, for convenience and traffic isolation. (Both use different, strong PSKs.) – user Jul 03 '13 at 21:19
  • @Michael, That might be one use case for hiding them. But is *that* the reason they are made? – Pacerier May 25 '15 at 07:46

3 Answers3

55

The risk here is in believing that a "hidden SSID" changes anything to the security. A non-hidden SSID means that the router will shout at regular intervals "hello everybody, I am Joe the Router, you may talk to me !". A hidden SSID means that the client machine (not the attacker's machine) will shout at regular intervals "Hey, Joe, where are you ? Please respond !". Either way, assuming that the SSID (here, "Joe") is not known to any attacker would be overly naive.

A point that could be made is that when the SSID is hidden, then an attacker may assume that the SSID is valuable in some way; so, when your PC connects, your PC shows that it knows the valuable SSID, and thus is also a valuable target in some sense. Not that it would change much things in practice: attackers will attack everything in range anyway, as a matter of principle.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • 14
    You had me at Joe the Router – eggy Jul 04 '13 at 05:40
  • 7
    and you had me at "attackers will attack everything in range anyway, as a matter of principle." ^^ Funny and good to take into account. – Olivier Dulac Jul 05 '13 at 09:37
  • @Thomas, Hmm, hiding the network does have some benefits if we do not have to reconnect existing clients. Consider this, if we go into a coffeeshop and there's a hidden network with no clients trying to connect to it, there's no way we can obtain the SSID of that hidden network (besides bruteforcing). – Pacerier May 25 '15 at 07:51
  • So, if I have a hidden network at home or such, and use it from my phone, would that reduce my battery life, because of the need to periodically broadcast to probe the hidden network (instead of just listening)? – AJMansfield May 25 '15 at 13:57
  • The clients will often broadcast the ESSID anyway, even if the network is not hidden. In fact it's useful for recon because you can see a list of network names used by nearby targets. – forest May 17 '18 at 01:12
14

Non-broadcast wireless networks aren't inherently less secure, but they're not more secure either. Hiding your wireless network (not broadcasting its SSID) doesn't make your network actually hidden as there are many tools that can help you find "hidden" networks, such as Kismet and inSSIDer.

If configured to do so, Windows Vista and Windows 7 will have to "ping" in the air to find the hidden network. Because of that, when you're not connected to the network, you'll be advertising that you're trying to connect to network X. If someone is listening to these signals, they can easily find out that you have a network called X to which your computer is attempting to connect.

As for the legal issue, I've actually heard that in some jurisdiction it's illegal to leave your network open, but I have never really heard that you have to hide it.

Adi
  • 43,953
  • 16
  • 137
  • 168
  • 2
    Usual example is that in Germany, you can get into legal trouble if you "insufficiently" protect your WiFi router, and some bad guy uses it to launch an attack on something else. What is deemed "sufficient protection" is not clearly defined. – Thomas Pornin Jul 03 '13 at 17:32
  • @Adi, How could you even get the SSID of the hidden network if no one is trying to connect to it? (aside from bruteforcing which isn't practical) – Pacerier May 25 '15 at 07:51
  • @Pacerier I don't think it's possible to directly get the SSID of a hidden network because it's stripped from the AP beacon. However, the AP advertises the SSID's length in the beacon message. To obtain an AP's hidden SSID, you either wait until a client tries to connect, or you de-auth a client and the capture the association exchange. – Adi May 25 '15 at 09:02
  • @Adi, If Alice is *already* connected to Bob_HiddenAP, and *then* Malfoy comes in, is Malfoy able to de-auth Alice to force Alice to re-connect to Bob_AP to gain "information" regarding Bob_HiddenAP? – Pacerier May 26 '15 at 04:07
  • @Pacerier Yes, correct. – Adi May 26 '15 at 07:45
  • @Adi, Erm, I don't get your reply... do you mean Malfoy is able or unable to de-auth Alice? – Pacerier Jul 02 '15 at 09:07
  • @Pacerier As far as I know, it is possible. To `deauth`, you need the client's MAC address and the AP's BSSID, and then you simply deauthenticate the client. Both the client's MAC and the AP's BSSID can be easily captured from the network traffic. After the deauthentication, the client will try to associate again. You simply capture the handshake to get the SSID. So, yes, Malfoy is able to dea-auth and get the SSID after that. – Adi Jul 02 '15 at 10:55
  • I don't think it's illegal to leave the network open anywhere, however in some jurisdictions, you are legally responsible for what goes through your network. – forest May 17 '18 at 01:15
7

There is no extra risk associated with connecting to a hidden network over a non-hidden one. What matters is who else is connected to that network, and what their intentions are.

When you connect to any network, you are giving all other users of that network access to a very large surface area in terms of your machine's security.

See this answer for more information on what risks are involved in this.

But to reiterate the answer to your overall question; no, whether the network is hidden or not is not really relevant. All you should care about is who else is connected.

lynks
  • 10,646
  • 5
  • 29
  • 54