Should you hide your SSID on your Wi-Fi?

-
Some of us may not realize the kind of control we have over our home wi-fi.
There are a pros and cons to all of the features that wi-fi offers. I will do my best to explained some of them below.

I won't drag on before saying that to have secure Wi-Fi you should have the settings in bullet points here functioning:
  • Enable Wi-Fi Protected Access 2 (WPA2).
  • Use Advanced Encryption Standard (AES).
    • If it does not say AES it is probably using AES.
  • Pre-shared Key (PSK)
With this enabled your data is encrypted behind a password using AES which is the most modern and trusted encryption standard in use today.

However if you're curious (like me) about some of the other features I will do my best to explain a few of the more interesting ones below.

The first question is about hiding the SSID using the settings in your wireless access point (AP) or router. Does that make your wi-fi more secure? The accurate answer is 'no' but the friendlier answer is 'that depends'. According to Microsoft’s Steve Riley hiding the SSID is a violation of the IEEE 802.11 specification. Windows XP is nearly not compatible with that setting and only in Windows Vista forward does enabling that setting become more user friendly. To enable connection with non-broadcasting SSID networks the supplicant (client) host must frequently emit association frames to probe for the hidden SSID network. These frames are in plain text and contain the SSID that was supposed to be hidden. With the right equipment it is not complicated for an individual to monitor the air for these alleged hidden SSIDs. In fact to prove that point go ahead and check the air waves where you are right now with the Windows command prompt:
C:\> netsh wlan show networks mode=bssid
This command will return all of the SSIDs in the air near you. In the first line of each will be:
SSID 1 : <insert_SSID_here>
It will even return non-broadcasting networks only the SSID name will be blank such as:
SSID 12: <________> <--- nothing there
That is a non-broadcasting SSID network. There are allot of tools out there that can monitor the airwaves for those association frames but your network interface card (NIC) must be capable of that feature. You can test if that feature is available on your NIC using the Windows command:
C:\> netsh wlan show wirelesscapabilities
The feature that allows monitoring of these special frames is called  Network monitor mode
If your NIC has that capability there is a tool to monitor for those association frames called aircrack. It aircrack is built into Kali Linux and is also found here for free: https://www.aircrack-ng.org/
Proof of concept out of the way.
It is obvious now that hiding the SSID in the router settings has negligible benefits and will likely make your home wi-fi less secure if you've setup your client host to connect automatically by probing for the association frames which continually emits your alleged hidden SSID in plain text everywhere you go. However for some people it is a trade off and believe a hidden SSID will make an intruder bypass your network for a more apparent target. "It also lowers the profile of your Wi-Fi network with neighboring households." (Bradley Mitchell)

Steve Riley

Why Non-broadcast Networks are not a Security Feature

MAC address spoofing:





Comments

Post a Comment

Popular posts from this blog

Malware Reverse Engineering

-
Image
I recently analyzed and submitted some malware to Microsoft Security Intelligence that I found on a YouTube video.  The video has since been reported so it may not be available.  https://www.youtube.com/watch?v=uQG6Xwxdb2A This YouTube video promoted downloading a program that claimed to "generate" keys for copyrighted software. Windows Defender identified it as Trojan:Win32/Wacatac.C!ml .  Here below is the Virus Total entry: https://www.virustotal.com/gui/file/509e1b4447cd7f0c448b31d88a41dbca6ceca5a029caabfa2bd10b7c965bbe51/detection The first thing I did was analyze for malicious registry changes with a program from Nir Soft called  RegistryChangesView v1.26 . I did not find malicious registry changes. The few changes to the registry were normal Windows behavior, for example here was one registry change: ================================================== Registry Key : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-...
Read more

Open Whisper Systems: Signal Messaging App

-
There are a number of factors that set Signal by Open Whisper Systems apart from any other encrypted messaging platform. The first being that it is open source. https://github.com/signalapp/Signal-Android Signal uses e-to-e encryption or end-to-end. Next, given that it is open source anyone can analyse the code for back-doors and the strength of the encryption. The celebrity whistle blower Edward Snowden  https://twitter.com/Snowden  endorses Signal and so do many IT professionals who report on controversial subjects. Even if the company is subpoenaed Signal retains nearly nothing on the user.  https://www.theverge.com/2016/10/4/13161026/signal-subpoena-court-order-encryption-police-open-whisper Signal is showing up in mainstream more all the time. https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/ Security can even be improved upon the default settings with a few tweaks of the app settings. https://theintercept.com/2016/07/02/s...
Read more