How risky is connecting to a hidden wireless network?

  • According to something I spotted something in a set of directions for connecting to a hidden wireless network from windows 8 found here (located under Step 1 > "Troubleshoot connection problems" > "How do I connect to a hidden wireless network?"):

    A hidden wireless network is a wireless network that isn't broadcasting its network ID (SSID). Typically, wireless networks broadcast their name, and your PC “listens” for the name of the network that it wants to connect to. Because a hidden network doesn’t broadcast, your PC can't find it, so the network has to find your PC. For this to happen, your PC must broadcast both the name of the network it's looking for and its own name. In this situation, other PCs “listening” for networks will know the name of your PC as well as the network you’re connected to, which increases the risk of your PC being attacked. (emphasis added)

    I had always believed that hidden wireless networks were actually safer than normal ones, because only those who already know of the network are able to connect to it, so an attacker wouldn't be able to connect to it to listen to your traffic.

    Are hidden networks actually more risky, as the paragraph says, and if so, what measures can be taken to help mitigate the risk?

    Also, I know that there are some countries where publicly broadcasting home networks are actually illegal, and hidden networks are the only option for wireless. If broadcasting networks are safer, why are they illegal in some places?

    Only peripherally related to the question, but one major reason for hiding certain SSIDs isn't related to security at all, but rather user convenience. For example, if you have a workplace where there is an internal network for employees and a publicly available guest network, there is little need for the internal network to be visible to everyone. By hiding that one, you make life easier on those who wish to use the guest network, since there is one less network to choose from. I run a setup like that at home even, for convenience and traffic isolation. (Both use different, strong PSKs.)

    @Michael, That might be one use case for hiding them. But is *that* the reason they are made?

  • The risk here is in believing that a "hidden SSID" changes anything to the security. A non-hidden SSID means that the router will shout at regular intervals "hello everybody, I am Joe the Router, you may talk to me !". A hidden SSID means that the client machine (not the attacker's machine) will shout at regular intervals "Hey, Joe, where are you ? Please respond !". Either way, assuming that the SSID (here, "Joe") is not known to any attacker would be overly naive.

    A point that could be made is that when the SSID is hidden, then an attacker may assume that the SSID is valuable in some way; so, when your PC connects, your PC shows that it knows the valuable SSID, and thus is also a valuable target in some sense. Not that it would change much things in practice: attackers will attack everything in range anyway, as a matter of principle.

    You had me at Joe the Router

    and you had me at "attackers will attack everything in range anyway, as a matter of principle." ^^ Funny and good to take into account.

    @Thomas, Hmm, hiding the network does have some benefits if we do not have to reconnect existing clients. Consider this, if we go into a coffeeshop and there's a hidden network with no clients trying to connect to it, there's no way we can obtain the SSID of that hidden network (besides bruteforcing).

    So, if I have a hidden network at home or such, and use it from my phone, would that reduce my battery life, because of the need to periodically broadcast to probe the hidden network (instead of just listening)?

    The clients will often broadcast the ESSID anyway, even if the network is not hidden. In fact it's useful for recon because you can see a list of network names used by nearby targets.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM