--- title: On hidden WiFi networks excerpt: Disabling SSID broadcast is not a security measure and may hurt your privacy. layout: mini permalink: /n/hiddenssid.html sitemap: true lang: en --- # {{ page.title }} _{{ page.excerpt }} For opting out of location services, refer to [n/nomap](nomap.html)_. Automaattinen sisällysluettelo / Automatically generated Table of Contents - [The issue with hidden networks](#the-issue-with-hidden-networks) - [Connecting to a hidden network](#connecting-to-a-hidden-network) - [Seeing hidden networks](#seeing-hidden-networks) - [Returning to normalcy](#returning-to-normalcy) - [TODO](#todo) - [QR codes for hidden SSIDs](#qr-codes-for-hidden-ssids) ## The issue with hidden networks When you hide your WiFi network, your access point (AP) will still announce its existence with the MAC (Media Access Control) address without name. Some location services, such as WiGLE will still records its existence ([n/nomap](nomap.html)) and as the Service Set IDentifier (SSID) is required for connecting, your devices will shout around everywhere asking for it, so scanning around will make you identifiable and possibly trackable as not many people are likely to be broadcasting the same set of SSIDs. _I have said it before, but I am a fan of [openwireless.org](https://openwireless.org) and wonder if making that SSID hidden to not reveal myself so obviously on WiGLE (as hidden SSIDs are more common) would work for promoting it and those with the ability to see it, would be more likely to be interested in opening their network as opposed to people not seeing it._ ## Connecting to a hidden network _Please remember to replace `wlan0` with your actual interface name if applicable._ SailfishOS displays the MAC addresses and I understand Windows to display "hidden network" or something similar as well. Android and iOS require entering the name through manual adding and warn about hidden networks, on Linux at least NetworkManager has a button "connect to hidden network". `iwd` provides commands `iwctl station wlan0 get-hidden-access-points` and `iwctl station wlan0 connect-hidden`, although they may require `iwctl station wlan0 scan` at first. In `/var/lib/iwd/.` there would be ```toml [Settings] Hidden = true ``` ## Seeing hidden networks Many platforms have apps for this, however Android prevents getting the hidden SSID, so I am focusing on Linux. The required Fedora package is `aircrack-ng`. 1. Switch to monitoring mode through `airmon-ng start wlan0` 1. If there are warnings about interfering services, stop them or `airmon-ng check kill`. **_This will likely disconnect your network connectivity, unless you have multiple NICs._** 1. `airodump-ng wlan0` 1. Wait patiently as ESSID `` gets replaced with the actual SSID once devices connect. On the bottom you will see devices asking for specific SSID. - This could be sped up by exploiting WiFi vulnerabilities, but that would no longer be in the white hat territory and thus I don't concern myself with it. ### Returning to normalcy 1. Exit `airodump-ng` by `CTRL - C` as usual. 1. Exit monitoring mode through `airmon-ng stop wlan0phy` 1. Restart your network management (the `airmon-ng start wlan0` and `airmon-ng check-kill` probably gave you a hint), for me it's `systemctl restart iwd NetworkManager`, while `wpa_supplicant` would be more common. ### TODO _I should investigate and write about these:_ - `man airodump-ng` may have nice flags as currently nothing is stored. - Security people should have some data to compare to on what is normal in the network environment and when changes happen. Then again with less data stored, there is less chance of doing something illegal by accident, while I think the passive listening this page focuses on is the same as VHF scan all button. - I think `kismet` does the same as `airodump-ng`, while it may be more focused on [wardriving](https://en.m.wikipedia.org/wiki/Wardriving). ## QR codes for hidden SSIDs [zxing](https://github.com/zxing/zxing/wiki/Barcode-Contents#wi-fi-network-config-android-ios-11) and [Wikipedia](https://en.wikipedia.org/wiki/Wi-Fi#Securing_methods) agree on `WIFI:T:WPA;S:mynetwork;P:mypass;;` so my wondering would be: `WIFI:T:nopass;S:openwireless.org;;H:true;` where only `P:mypass` got omitted.
# The capital H is the highest error correction, others are LMQ
% qrencode -l H -t utf8 "WIFI:T:nopass;S:openwireless.org;;H:true;"
█████████████████████████████████████
█████████████████████████████████████
████ ▄▄▄▄▄ █▀ █▀▀▀▀  ▀▄▄▀█ ▄▄▄▄▄ ████
████ █   █ █▀ ▄ █▀▄▀▄█▄▄ █ █   █ ████
████ █▄▄▄█ █▀█ █▄▀▀█▀▀█▀██ █▄▄▄█ ████
████▄▄▄▄▄▄▄█▄█▄█ █ █▄▀ ▀ █▄▄▄▄▄▄▄████
████   ▄ █▄ ▄ ▄█▄█  ██▀▀ ▄▀▄▀ █▄▀████
█████  █▄▀▄▄  ▀ ▄▄▄▀▀▄▀▀ ▄▀ ▀▀▄█ ████
████ ▀▄█▄█▄▄█▄▀▄▀█ ▄▄██▀▀▄ ▄▀▀   ████
████▄▄█▀ ▀▄ ▀ ▄█▀ ▀█▄▄█ ▀██ ▀▀███████
████▀   ▀▀▄▄ █ █▄▄▀▄▄▄▄█ ▄▀▄ ██▀▀████
████ █▄█ ▄▄█▄▀█ ▄███▄▄█▀▀▄▀▀▀█▄▄▀████
████▄█▄██▄▄█ ▄▄▄▀▀█▄ ▄▄█ ▄▄▄ ▀▄▄▄████
████ ▄▄▄▄▄ █▄▀▄█▀ ▄▄▀  █ █▄█ ▀ █ ████
████ █   █ █ ███▄█▄▄█▄▀▀   ▄ ▀▄ █████
████ █▄▄▄█ █ ▄  ▄█▀▄  ▀ ▀▄▄▀▄▀  ▀████
████▄▄▄▄▄▄▄█▄▄▄▄███▄▄▄█▄▄▄▄▄▄▄▄▄█████
█████████████████████████████████████
█████████████████████████████████████
_While the above looks messy in my `jekyll serve -l`, [Binary Eye](https://github.com/markusfisch/BinaryEye) detected it regardless._