Wi-Fi SSID: To Hide or Not to Hide?

If you read just about any article about Wi-Fi security the question of hiding/not hiding your Wi-Fi SSID (Service Set Identifier) will almost inevitably come up.  The SSID is the Wi-Fi router’s “name”, and it is what you click on when you wish to connect to that network.  Most of these articles will say that hiding your SSID is counterproductive as it will make you more interesting to a hacker.  In full fairness, this also includes my own writing.  In both the Windows 7 and iOS editions of Your Ultimate Security Guide I recommended NOT hiding your SSID.  I had some reasoning for recommending this: in my estimation it amounts to profile elevation.  Like sending a Do Not Track request to a website, a hidden SSID makes you more distinctive than everyone around you.

But does hiding your Wi-Fi SSID alone really make you a more attractive target?  To quote the inimitable Ulysses Everett McGill of O Brother, Where Art Thou?, “it’s a fool who looks for logic in the chambers of the human heart.”  To unequivocally say that an attacker will target you just because your SSID is hidden may not tell the whole story, or may simply be dead wrong.  Criminals are not known for following the same set of mental processes that guide the actions of the average, law-abiding individual.  Sure, it may make you the more interesting target because you may seem like the more challenging target.  But equally, it may not.  The hacker may be looking for soft, languorous targets.  Or perhaps he or she is after a specific target that is not you.

I think the reason this is constantly brought up is that SSID hiding has been placed in the “security” category of features for Wi-Fi networks.  I contend that this is not a security feature at all.  Choosing not to broadcast your SSID is, in my opinion, merely a choice about how “noisy” you want your network to be.  While hiding your SSID cannot protect you from Anonymous, it can do a few things.  It can prevent your neighbors from seeing your network, and prevent kids in the waiting room at your practice from connecting to it.  Again, it will absolutely not prevent a determined adversary from finding your network.  There are various tools including inSSIDer and Kismet that will find these networks with ease.
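Why hiding the SSID does not keep the name secret, as an added example that is not from the original post: with broadcasting turned off, the router's beacons carry an empty or null-filled name, but the frames it exchanges with clients that connect still carry the real one.  The frames, addresses and the name ExampleNet below are constructed sample data, and parse_ssid, summarize and mgmt are illustrative names.

```python
HDR_LEN = 24  # frame control, duration, three addresses, sequence control
# Management subtype -> (name, bytes of fixed fields before the tagged elements)
SUBTYPES = {0: ("assoc-req", 4), 5: ("probe-resp", 12), 8: ("beacon", 12)}

def parse_ssid(frame):
    """Return (subtype name, BSSID, raw SSID bytes), or None if not applicable."""
    if len(frame) < HDR_LEN or (frame[0] >> 2) & 0x3 != 0:  # short or not mgmt
        return None
    name, fixed = SUBTYPES.get(frame[0] >> 4, (None, 0))
    if name is None:
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):          # walk id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            return None                   # truncated element
        if eid == 0:                      # element 0 is the SSID
            return name, bssid, value
        pos += 2 + elen
    return None

def summarize(frames):
    """Map each BSSID to whether its beacon hides the name and any name seen."""
    seen = {}
    for name, bssid, ssid in filter(None, map(parse_ssid, frames)):
        entry = seen.setdefault(bssid, {"hidden": False, "ssid": None})
        if not any(ssid):                 # zero-length or all-null SSID
            entry["hidden"] = entry["hidden"] or name == "beacon"
        else:
            entry["ssid"] = ssid.decode("utf-8", "replace")
    return seen

def mgmt(subtype, dst, src, bssid, fixed_len, ssid):
    """Build a constructed management frame (sample data, not a capture)."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return header + bytes(fixed_len) + bytes([0, len(ssid)]) + ssid

AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
STA, BCAST = bytes.fromhex("0200000000aa"), b"\xff" * 6
SAMPLE = [mgmt(8, BCAST, AP1, AP1, 12, b""),          # hidden: zero length
          mgmt(8, BCAST, AP2, AP2, 12, bytes(8)),     # hidden: null-padded
          mgmt(5, STA, AP1, AP1, 12, b"ExampleNet"),  # AP answers a client
          mgmt(0, AP1, STA, AP1, 4, b"ExampleNet")]   # client joins

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The first access point's name is recovered from ordinary connection traffic even though its beacon hides it; the second stays unnamed only because no client talked to it in the sample.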

My bottom line is this:

  1.  Hiding your Wi-Fi network’s SSID is a personal preference that is essentially neutral as a security measure.  It doesn’t necessarily make you less secure or a more attractive target, though it might based on factors that we can’t begin to model (i.e. human unpredictability).
  2.  Hiding your SSID for security reasons is ineffective and an example of security-through-obscurity.  If you are hiding your SSID as a security measure you should reconsider.

There are meaningful security measures you can take for your Wi-Fi network.  The best and strongest of these is to ensure that your signal is encrypted with WPA2.  The WPA2 protocol is actually very good (do not use WEP or WPA).  It offers much, much more protection than silencing your Wi-Fi SSID.  Another meaningful measure is to use a virtual private network; this will protect your traffic regardless of the security of your Wi-Fi.  It will also protect it at a much deeper level, and provide you with a bunch of other benefits.  We will delve much more deeply into Wi-Fi security in the upcoming Thirty-Day Security Challenge, so stay with me!

One thought on “Wi-Fi SSID: To Hide or Not to Hide?”

  1. I equate hiding an SSID as a deterrent. I have flood lights on my house, “beware of dog” signs, home security system (with visible signs), solid locks on my house. Those are not a 100% measure, but they likely deter the majority of break-ins. High payoff / low risk is the ideal house to break into. If I immediately look like a nightmare situation, I’m decreasing the chances that my house is worth the effort. It has to be a fringe category of criminals who want a “challenge”, where this would increase their desire to burgle my house. It’s not statistically worth it.

    I imagine some of the same line of thought travels over to the digital realm. If I want to get into someone’s network, the easy prey is the person who hasn’t changed their default password…not the person who demonstrates working knowledge by hiding their SSID. That alone may be a deterrent.

    Because this is a fairly common practice, I doubt it raises my profile to a degree where it matters. If this entices my adversary, then I have worse problems than my SSID.

    Along the same lines, choosing a sarcastic or witty SSID may actually be the thing that makes you a target. Black hat society tends to have a sense of humor, tends to be a little egotistic. If they’re initially spotting for prey, seeing “FBI Surveillance Van”, “Virus” or “Not Your Wifi” may spark a desire to own your system, to give you a virus, to make it no longer your wifi.

    An innocuous SSID blends in with the neighborhood (let FBI Surveillance Van draw all the attention). Furthermore, each router comes with its own vulnerabilities. If Netgear routers have a known security flaw that is often unpatched, I could drive through the neighborhood scanning for SSIDs with Netgear in the title then attempt to exploit that security flaw. The SSID gives me guidance on where to focus my efforts. If you have a Netgear router, but name it “Belkin 420-081”, I may just blow right past it (conversely, if you have a Belkin and name it Netgear, the security flaw likely is not the same so it just wastes my time and costs you nothing).

    What other SSIDs show up in your life that you don’t pay attention to? Printers? IoT devices?

    This is poor man’s security advice, maybe I don’t understand the signature I’m actually presenting when my wifi is labeled as a printer. Anybody?
