Hidden WiFi

Does an application detecting hidden WiFi exist?

Reply to
Maelmoro

Heh heh ... did you know that if you set your WiFi to be hidden, that it actually BROADCASTS your WiFi when you're most vulnerable?

No?

Check this tinfoil hat scenario out:

  1. You set your home broadband router to not broadcast your SSID.
  2. You set up your Windows or Linux PC to connect automatically.
  3. You *think* you just made yourself safer ... ... ... ... but ... ... ...
  4. Your computer has to broadcast that SSID to see if it responds
  5. So, anyone with Kismet can easily see that SSID anyway
  6. And ... worse yet ... EVERYONE at Starbucks 100 miles away can too!

Let's assume, for example, that your hidden SSID is "Maelmoro's SSID"

From item #4 above, anyone with Kismet in your vicinity can easily see this SSID because it has to be communicated to the router from the PC.

But, item #6 is the unintended consequence. If you were trying to hide from a bad guy, and that bad guy was sitting at Starbucks 100 miles away where you're drinking coffee, he could just as easily see with Kismet YOUR PC broadcasting a plea to connect to your home broadband SSID of "Maelmoro's SSID".

This is because the PC doesn't know it's 100 miles away. The PC, since it's set to automatically connect, will dutifully scream out your home broadband SSID trying to see if it responds.

So, in one sense, you're LESS SAFE when you set your SSID to be hidden than if you left it at the default. That's because, at the default, your PC does not scream out the SSID. The home broadband router screams out the SSID.

So, you *think* you're protecting yourself from the bad guy near your house - but you're not (since he can see the hidden SSID with Kismet); and you don't even realize that at every single Starbucks, you're screaming out your (otherwise hidden) SSID, even though you're nowhere near home.

Jeff Liebermann taught me that! :)

Reply to
Danny D.

It does more than that. Your laptop goes down a list of previously connected SSIDs and tries to connect to them all in sequence. Not only does this disclose your home SSID, but also the SSID of every place that you've connected. However, that doesn't work if you're at Starbucks, and you were most recently at another Starbucks. If your laptop can initially connect to Starbucks, it stops there and doesn't try to connect to the others.

I don't think so. I usually avoid security related discussions.

Reply to
Jeff Liebermann

Only if you leave it set that way when away from home. (Which is, granted, the default.)

As above.

Reply to
J. P. Gilliver (John)

[...]

Yup, wi-fi, like mobile, is always on. It has to be, else no one could connect, ever. BTW, your device will be pinging the wi-fi router whether or not you are receiving/sending data. You can extend battery life a bit by turning off wi-fi when you don't need it.

You can prevent unauthorised connections by using a strong passkey, but that only stops people from using your bandwidth. A good enough reason IMO, but the real security threat is data-interception and decryption. Anyone who really wants to know your private business can find out. Whether your private business is worth knowing about is another issue.

Have a good day.

Reply to
Wolf Kirchmeir

I think it *was* you Jeff. It was a loooong time ago, maybe 10 years, or maybe even more. I was futzing with my router, daily, changing the SSID and the DHCP IP addresses and the MAC address, etc., and you (or someone I thought was you) couldn't believe anyone would go to that much trouble for security.

Well, what I learned from that discussion was that turning off the SSID broadcast from the router was somewhat counter productive, for the reasons we discussed.

Anyway, if it wasn't you, it was someone as knowledgeable as you, which, to me, is just as good because it's so rare.

thanks!

Reply to
Danny D'Amico

Ok, that was me. At the time, there were endless discussions over the relative merits of various "security by obscurity" methods, including hiding the SSID, MAC address filtering, the stupidity of pre-shared encryption keys, routers that arrive with security disabled, etc. I think it was one of those discussions that convinced me that I should avoid such discussions if I valued my sanity.

Actually, I'm well behind the times and am not making much of an effort to stay up to date on the latest wireless technology[1]. The problem is that it's all become a commodity. Try finding a new router for sale that does NOT include wireless. Nobody is paying me big bucks to do anything in wireless these days. I'll leave the rooftop and tower work to a younger generation. Since half of everything I know seems to expire every 5 years, my wireless knowledge will probably be obsolete in a short time. Oh well.

[1] 10-15 years ago, I had twice as much hair on my head, a somewhat more positive attitude, money in the bank, overpriced health care I could almost afford, and was making money doing high priced consulting. Today, the hair is mostly gone, I've morphed into a curmudgeon, the bank account is almost depleted, affordable health care that I can't afford, and I'm now competing with consultants in India and China. Lots of things change in 10-15 years.

Reply to
Jeff Liebermann

This is interesting because the default is to tell the world where you've been, based on SSIDs.

Reply to
Danny D'Amico

Yeah. I feel the same way. Sigh...

Now I feel for how my Dad felt, bless his heart.

Reply to
Danny D'Amico

Only if you tell it/told it to automatically connect to the SSID. You can go into your wireless software setup and tell it not to automatically connect you. You will then have to, the next time you go to Starbucks, click on the site, and tell it to connect. If that is too hard to do, then yes, it will do as above.

Also, I believe typically it does NOT broadcast anything. Rather, it gets the signals broadcast by the local APs and checks through them for one of the SSIDs you told it to automatically connect to.

Reply to
unruh

I had mentioned this problem, both in phones and notebooks. But the broadcast doesn't have to be done if you set up your device properly. Worst of all are those old XP machines spewing out HPSETUP for ad-hoc connections.

If you don't use a SSID, kismet just says "stealth".

Incidentally, I discovered this problem running kismet, since I detected my phone spewing out the SSIDs of coffee shops and mid-grade motels. The intent of these penetration tools should be to hack yourself before someone does this for you. Years ago I discovered that trick of parking kismet on a channel then running wireshark. I was amazed to see my email go out in the clear. I didn't even have the option of TLS on my email. I soon ditched my Moto phone for a Blackberry, which put email on a crypto network and stopped doing email on my notebook. I eventually got TLS for my email.

Reply to
miso

Not exactly. My point (item 3 below) is that if it finds a usable SSID, it will stop spewing its list of saved (preferred) SSIDs.

The algorithm is something like:

  1. Try to reconnect to the most recently connected SSID on the assumption that you were rudely disconnected by putting the laptop in standby. If connected, also try to renew the last DHCP lease.
  2. If that fails, go down the list of "preferred networks" until you find something that will accept a connection.
  3. If it finds a connection, stop searching.
  4. If you add a new SSID, add it to the top of the list.

The problem is that in order to connect, the client must transmit the SSID, which can be sniffed. All these "preferred" SSIDs can be captured until the entire list of SSIDs is collected. (Note that all such management packets are not encrypted.) Not only can I tell where you've been, but also in what order you were there.

Bars with wi-fi in the Santa Cruz CA area: I've been thinking of publishing a web page or book listing SSIDs of bars, dives, saloons, houses of ill repute, hotels, motels, and other likely locations to help with the tracking.

Reply to
Jeff Liebermann

You would be amazed at the number of accounting firms that outsource their work to India. I use a sole proprietor CPA to avoid that. I flat out inquired about this practice. I'm slowly getting her up to speed about security, but getting non-technical people to take hackers seriously is tough. She does not use wifi at the office.

Jeff may find a business in HIPAA compliant email, especially since it doesn't actually exist. You just declare you are compliant. Nobody checks. There is a lot of busy work getting these small med offices up to speed with electronic records.

Oh boy, they have raid10 and security cameras. I've used a CIA server, and they go one step further, namely putting the freakin' thing in a cage bolted to the floor and putting a camera on it.

There was an insurance company a few years ago that got ransomed from some Indian firm. A worker stole personal data and threatened to sell it to hackers if she didn't get paid.

Reply to
miso

Oh, it broadcasts. In kismet, they call it a probe.

Reply to
miso

In message , Wolf Kirchmeir writes: []

It's not just the theft of bandwidth, it's also what they might download and upload, which might be traced to you: in the UK the worst categories are likely to be terrorist material and paedophilia, and I suspect the same applies in the US.

You can also prevent unauth. by use of a whitelist in the router: again far from foolproof as MAC spoofing isn't hard, so we're told, but another tool available.

Reply to
J. P. Gilliver (John)

But only as far as the public IP, *not* a particular machine or user behind a NAT router, as is the case with the vast majority of domestic installations.

The UK's Communication Act 2003 is a very badly written bit of legislation. Its own definitions of terms are very broad, circular or just way off the mark as to how the internet works. A lovely little goldmine for the lawyers...


Under that Act most domestic installs would fall under the category of "Communications Provider", rather than "Subscriber", as the internet service provision is shared by a number of individuals over a network that is provided and maintained by the purchaser of the service.

Reply to
Dave Liquorice

Unless you have a "hidden" SSID in the list that is set to automatically connect. In which case the device has to transmit that "hidden" SSID to find out if that station is within range. The station isn't transmitting it as it is "hidden", so it won't appear in the list of stations that the device can hear...

Reply to
Dave Liquorice
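The posts in this thread disagree on exactly what a client transmits: Jeff's algorithm above says the client walks its preferred list and names each SSID until one answers, while unruh and Dave Liquorice narrow that to entries that are both "hidden" and set to auto-connect (a visible network is matched from the AP's own beacons, so the client never has to say its name). The Python below is an added illustration of that combined model and is not code from anyone in the thread; `SavedNetwork`, `walk_preferred_list` and the scenario functions are names chosen here, the saved list is constructed, and real client behaviour varies by operating system and driver. It walks the list in the order Jeff describes (most recent first, stop on the first connection) and reports which SSIDs would have gone out in the clear in directed probe requests, so the effect of the "hide the SSID" and "auto-connect" settings can be compared side by side.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class SavedNetwork:
    """One entry in the client's 'preferred networks' list (constructed model)."""
    ssid: str
    hidden: bool            # AP configured not to broadcast its SSID
    auto_connect: bool = True


def walk_preferred_list(
    preferred: List[SavedNetwork],
    most_recent: Optional[str],
    in_range: Set[str],
) -> Tuple[Optional[str], List[str]]:
    """Simulate the client's reconnect walk and return (connected_ssid, disclosed).

    `in_range` is the set of SSIDs whose AP is physically reachable, hidden or
    not.  `disclosed` lists, in order, every SSID the client would have had to
    name in a directed probe request before it settled on a connection.
    """
    disclosed: List[str] = []
    # Step 1: the most recently used network is tried first; the rest keep
    # their list order (sorted() is stable, and False sorts before True).
    order = sorted(preferred, key=lambda n: n.ssid != most_recent)
    for net in order:
        if not net.auto_connect:
            continue  # manual-connect entries are never probed unattended
        if net.hidden:
            # No beacon carries this name, so the client must ask for it by
            # name; management frames are not encrypted, so this leaks.
            disclosed.append(net.ssid)
        # Step 3: the first network that answers ends the search.
        if net.ssid in in_range:
            return net.ssid, disclosed
    return None, disclosed


# Constructed preferred list modelled on the thread's example.
HOME = "Maelmoro's SSID"
PREFERRED = [
    SavedNetwork("Starbucks", hidden=False),
    SavedNetwork("Motel-Guest", hidden=False),
    SavedNetwork(HOME, hidden=True),
]


def scenario_at_home() -> Tuple[Optional[str], List[str]]:
    # Hidden home network is reachable: it connects, but only after naming it.
    return walk_preferred_list(PREFERRED, HOME, {HOME})


def scenario_starbucks_after_starbucks() -> Tuple[Optional[str], List[str]]:
    # Jeff's point: last network was Starbucks and Starbucks is here, so the
    # walk stops at step 1 and nothing further is named.
    return walk_preferred_list(PREFERRED, "Starbucks", {"Starbucks"})


def scenario_starbucks_after_home() -> Tuple[Optional[str], List[str]]:
    # Laptop last used at home: the hidden home SSID is named at the coffee
    # shop before the visible Starbucks beacon is matched.
    return walk_preferred_list(PREFERRED, HOME, {"Starbucks"})


def scenario_far_from_everything() -> Tuple[Optional[str], List[str]]:
    # Nothing reachable: only the hidden entry is ever named out loud.
    return walk_preferred_list(PREFERRED, HOME, set())


def scenario_hidden_set_to_manual() -> Tuple[Optional[str], List[str]]:
    # unruh's mitigation: keep the hidden network but turn off auto-connect.
    fixed = [
        SavedNetwork(n.ssid, n.hidden, auto_connect=False) if n.ssid == HOME else n
        for n in PREFERRED
    ]
    return walk_preferred_list(fixed, HOME, set())


if __name__ == "__main__":
    for name, fn in [
        ("at home", scenario_at_home),
        ("Starbucks after Starbucks", scenario_starbucks_after_starbucks),
        ("Starbucks after home", scenario_starbucks_after_home),
        ("far from everything", scenario_far_from_everything),
        ("hidden entry set to manual", scenario_hidden_set_to_manual),
    ]:
        connected, disclosed = fn()
        print(f"{name:28s} connected={connected!r:20s} disclosed={disclosed}")
```

Under this model a hidden SSID that is set to auto-connect is named in the clear wherever the laptop wakes up, while a visible SSID with the same setting is not; turning auto-connect off for the hidden entry removes the disclosure without changing anything on the router.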

Hadn't thought of that, you're right. Bah!

[...]
Reply to
Wolf Kirchmeir

Yikes. I'll stay in Scotts Valley, thank you!

:)

Reply to
Danny D'Amico

MAC spoofing is trivial on most platforms.

There's a setting for it in the router. On Windows, or Linux, you just type in the MAC address you want.

On Windows, you can even generate any MAC address you like, based on the fact the first half is manufacturer-specific, so you give it a manufacturer, and it spews out a MAC that could have been assigned by that manufacturer.

I have no idea how to do it on Android, but, I suspect it would be as easy as the rest... (does anyone actually know?)

Reply to
Danny D'Amico

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.