Why disabling SSID broadcast is bad!


I know the majority of the information online claims that disabling SSID broadcast is good or at least neutral, but recently I was made aware (thanks to @ax0n and later @jfug) of an attack that takes advantage of computers that normally connect to networks (such as their home wireless network) that do not broadcast their SSID.

My reasoning

First, disabling SSID broadcast contributes negligibly to the security of your network. It's like not having an address printed on your house when there are houses with addresses visible on either side. A casual observer can clearly tell there's a house there and the (supposedly hidden) address is very easy to discover. The main reason this practice is/was advocated seems to be flawed logic (hidden must be better, right? I'll leave the whole "security through obscurity is no security at all" debate to those better qualified) and so router vendors can claim to have additional "security" features. Thinking that hiding your SSID will protect your network is like thinking a (regular) glass window will stop an intruder with a brick.

Second, any benefit your network may get is vastly overshadowed by the extra risk that you're adding to your wireless devices. When a wireless device (like your laptop) looks for wireless networks and it knows that it might be looking for a hidden network, it begins broadcasting that SSID to any device that will listen and saying "Are you SuperSecretHiddenNetwork??" Any listener in the area both now knows your SSID (so much for keeping it secret) and furthermore, other devices in the area can say "yes, that's me!" and your device won't know the difference. You just helped enable a rogue device to perform a man-in-the-middle attack by weakening your ability to approve what network your device attempts to join. That means that the rogue device can easily capture enough information about you to impersonate you to any site you use during that browsing session, whether it be Facebook, Gmail, or your bank.

So what now?

Tried and true advice for securing a wireless network still applies:

  1. Use WPA2, with AES encryption. Anything less than that can be broken, from a matter of seconds for WEP to minutes for WPA (off the shelf equipment can run upwards of 15,500 passphrases/second)
  2. Use a strong passphrase. 10 or more characters should be a minimum, and use a phrase that cannot be easily guessed. No dictionary words, consecutive strings of numbers, include special characters, etc...
  3. Use a unique SSID. While this is somewhat less important, it reduces the risk that you will be duped into connecting to someone else's network by mistake. "linksys" is right out.

To secure your laptop when connecting wirelessly, turn off the "Remember networks" feature. Also, disable wireless entirely on your laptop when not in use. You're more secure and it will save you significant battery time.


Tags: security, wireless