Method 12: SSID Broadcasting

1 Shield

Turning off the SSID broadcasting will stop your WiFi router from announcing itself publicly—it won’t show up on the list of available networks when someone tries to connect their device to a network.

The bad news is that turning the SSID broadcast off does not make your WiFi router any less visible to hackers. In fact, the tools that they use will not only identify the WiFi router, they typically also display what devices are connecting to it, what type of security is in use, and even guess at the manufacturer.

Turning off SSID broadcasting rates a 1 shield as it does take a basic level of sophistication to download and use WiFi surveying tools like Aircrack-NG that would display a lot of information about hidden and broadcasting WiFi routers in the area. It really doesn’t matter whether SSID broadcasting is on or not.

Also, while some recommendations include changing the SSID of the router to disassociate it from the either the vendor or the owner, the same survey tools will still display the unique identifier (BSSID) regardless of what name you provide (ESSID). They can guess at the manufacturer based on the first three digits of the BSSID. If the WiFi router supports HNAP, then the hackers have direct access to even more information about the router than what would be disclosed by a name of the vendor.

If you have ever tried to connect a device to a WiFi network, you have probably seen a screen that displays all of the nearby WiFi routers and access points. This is because each of these WiFi routers are periodically letting everyone know who they are through the SSID broadcast. It’s tantamount to standing on a street corner and shouting your name, hoping that friends in earshot will hear you and say “hi.”

Turning off the WiFi router SSID broadcasting doesn’t make your WiFi router disappear. Sure, your WiFi router’s name (SSID) will not show up on the “nearby WiFi list” when a device is trying to connect, but that’s not really protecting your router. Pretty much anybody can download and use tools to identify not only all of the local WiFi routers, but also all of the WiFi clients nearby.

Remember standing on the street corner? Well, it turns out that if a client cannot “see” a SSID broadcast for a WiFi router that it knows about, it will then broadcast it’s own “are you there?” to try and locate it. So, either way, the SSID does actually get broadcasted, and anybody listening can then know about both your WiFi router, and any clients that you have connecting to it.

Airodump Survey

 

In the above image, the Airdump-NG tool was used to survey the lab. The top half of the screen shows all of the local WiFi routers / access points, while the bottom half displays all of the clients that are either connected or searching for connections to WiFi routers / access points.

This is the typical tool that hackers would use to find your router, but anybody can download and use it—it’s open source and freely available as a testing tool! Note how much information it displays—the name of the SSID, the type of security being used (if any), even the manufacturer of the WiFi router! The client section is even more interesting, as it lists all of the WiFi networks that the clients have connected to previously.

In other words, there’s no hiding from the bad guys!

So if it’s so useless, then why bother turning it off at all? Good question. Some argue that it’s a waste of time, and just makes connecting inconvenient for all of your client devices, as they have to manually be connected to the WiFi router. Others argue that it’s still a valid security measure, as hackers are more likely to go for the highly visible WiFi routers to hack, thinking that since their owners aren’t sophisticated enough to disable SSID broadcasting it also probably means they aren’t sophisticated enough to take other precautions.

It’s up to you. “Security through obscurity” isn’t security at all. We gave this a 1 shield of protection as it does require a basic level of sophistication to download a tool like AirCrack-NG to work around it, and that’s being generous.