diff --git a/n/hiddenssid.md b/n/hiddenssid.md new file mode 100644 index 0000000..6af1546 --- /dev/null +++ b/n/hiddenssid.md @@ -0,0 +1,143 @@ +--- +title: On hidden WiFi networks +excerpt: + Disabling SSID broadcast is not a security measure and may hurt your privacy. +layout: mini +permalink: /n/hiddenssid.html +sitemap: true +lang: en +--- + +# {{ page.title }} + +_{{ page.excerpt }} For opting out of location services, refer to +[n/nomap](nomap.html)_. + + + + + + +Automaattinen sisällysluettelo / Automatically generated Table of Contents + +- [The issue with hidden networks](#the-issue-with-hidden-networks) +- [Connecting to a hidden network](#connecting-to-a-hidden-network) +- [Seeing hidden networks](#seeing-hidden-networks) + - [Returning to normalcy](#returning-to-normalcy) + - [TODO](#todo) +- [QR codes for hidden SSIDs](#qr-codes-for-hidden-ssids) + + + + + + +## The issue with hidden networks + +When you hide your WiFi network, your access point (AP) will still announce its +existence with the MAC (Media Access Control) address without name. Some +location services, such as WiGLE will still records its existence +([n/nomap](nomap.html)) and as the Service Set IDentifier (SSID) is required for +connecting, your devices will shout around everywhere asking for it, so scanning +around will make you identifiable and possibly trackable as not many people are +likely to be broadcasting the same set of SSIDs. + +_I have said it before, but I am a fan of +[openwireless.org](https://openwireless.org) and wonder if making that SSID +hidden to not reveal myself so obviously on WiGLE (as hidden SSIDs are more +common) would work for promoting it and those with the ability to see it, would +be more likely to be interested in opening their network as opposed to people +not seeing it._ + +## Connecting to a hidden network + +_Please remember to replace `wlan0` with your actual interface name if +applicable._ + +SailfishOS displays the MAC addresses and I understand Windows to display +"hidden network" or something similar as well. Android and iOS require entering +the name through manual adding and warn about hidden networks, on Linux at least +NetworkManager has a button "connect to hidden network". + +`iwd` provides commands `iwctl station wlan0 get-hidden-access-points` and +`iwctl station wlan0 connect-hidden`, although they may require +`iwctl station wlan0 scan` at first. In `/var/lib/iwd/.` there would +be + +```toml +[Settings] +Hidden=true +``` + +## Seeing hidden networks + +Many platforms have apps for this, however Android prevents getting the hidden +SSID, so I am focusing on Linux. The required Fedora package is `aircrack-ng`. + +1. Switch to monitoring mode through `airmon-ng start wlan0` +1. If there are warnings about interfering services, stop them or + `airmon-ng check kill`. **_This will likely disconnect your network + connectivity, unless you have multiple NICs._** +1. `airodump-ng wlan0` +1. Wait patiently as ESSID `` gets replaced with the actual SSID + once devices connect. On the bottom you will see devices asking for specific + SSID. + +- This could be sped up by exploiting WiFi vulnerabilities, but that would no + longer be in the white hat territory and thus I don't concern myself with it. + +### Returning to normalcy + +1. Exit `airodump-ng` by `CTRL - C` as usual. +1. Exit monitoring mode through `airmon-ng stop wlan0phy` +1. Restart your network management (the `airmon-ng start wlan0` and + `airmon-ng check-kill` probably gave you a hint), for me it's + `systemctl restart iwd NetworkManager`, while `wpa_supplicant` would be more + common. + +### TODO + +_I should investigate and write about these:_ + +- `man airodump-ng` may have nice flags as currently nothing is stored. + - Security people should have some data to compare to on what is normal in the + network environment and when changes happen. Then again with less data + stored, there is less chance of doing something illegal by accident, while I + think the passive listening this page focuses on is the same as VHF scan all + button. +- I think `kismet` does the same as `airodump-ng`, while it may be more focused + on [wardriving](https://en.m.wikipedia.org/wiki/Wardriving). + +## QR codes for hidden SSIDs + +[zxing](https://github.com/zxing/zxing/wiki/Barcode-Contents#wi-fi-network-config-android-ios-11) +and [Wikipedia](https://en.wikipedia.org/wiki/Wi-Fi#Securing_methods) agree on +`WIFI:T:WPA;S:mynetwork;P:mypass;;` so my wondering would be: +`WIFI:T:nopass;S:openwireless.org;;H:true;` where only `P:mypass` got omitted. + +
+# The capital H is the highest error correction, others are LMQ
+% qrencode -l H -t utf8 "WIFI:T:nopass;S:openwireless.org;;H:true;"
+█████████████████████████████████████
+█████████████████████████████████████
+████ ▄▄▄▄▄ █▀ █▀▀▀▀  ▀▄▄▀█ ▄▄▄▄▄ ████
+████ █   █ █▀ ▄ █▀▄▀▄█▄▄ █ █   █ ████
+████ █▄▄▄█ █▀█ █▄▀▀█▀▀█▀██ █▄▄▄█ ████
+████▄▄▄▄▄▄▄█▄█▄█ █ █▄▀ ▀ █▄▄▄▄▄▄▄████
+████   ▄ █▄ ▄ ▄█▄█  ██▀▀ ▄▀▄▀ █▄▀████
+█████  █▄▀▄▄  ▀ ▄▄▄▀▀▄▀▀ ▄▀ ▀▀▄█ ████
+████ ▀▄█▄█▄▄█▄▀▄▀█ ▄▄██▀▀▄ ▄▀▀   ████
+████▄▄█▀ ▀▄ ▀ ▄█▀ ▀█▄▄█ ▀██ ▀▀███████
+████▀   ▀▀▄▄ █ █▄▄▀▄▄▄▄█ ▄▀▄ ██▀▀████
+████ █▄█ ▄▄█▄▀█ ▄███▄▄█▀▀▄▀▀▀█▄▄▀████
+████▄█▄██▄▄█ ▄▄▄▀▀█▄ ▄▄█ ▄▄▄ ▀▄▄▄████
+████ ▄▄▄▄▄ █▄▀▄█▀ ▄▄▀  █ █▄█ ▀ █ ████
+████ █   █ █ ███▄█▄▄█▄▀▀   ▄ ▀▄ █████
+████ █▄▄▄█ █ ▄  ▄█▀▄  ▀ ▀▄▄▀▄▀  ▀████
+████▄▄▄▄▄▄▄█▄▄▄▄███▄▄▄█▄▄▄▄▄▄▄▄▄█████
+█████████████████████████████████████
+█████████████████████████████████████
+
+ +_While the above looks messy in my `jekyll serve -l`, +[Binary Eye](https://github.com/markusfisch/BinaryEye) detected it regardless._ diff --git a/n/nomap.md b/n/nomap.md index 46c9b20..53c8a14 100644 --- a/n/nomap.md +++ b/n/nomap.md @@ -32,6 +32,9 @@ Microsoft has a separate [location services opt-out](https://account.microsoft.com/privacy/location-services-opt-out) which uses MAC addresses instead. +**_Hidden SSID won't work for opt-out in some of those services. Refer to +[n/hiddenssid](hiddenssid.html)._** +