This is amazing. Thank you so much.

On Sat, 19 Sep 2015, Brandon Vincent wrote:
When you hide the SSID on your router/access point, the access point sends out beacon frames that have the SSID set to a null value. When your computer or other device wants to connect to a wireless network with a hidden SSID, it has to issue a probe request that contains the SSID of the hidden network. Your access point now responds with the information required for your device to connect. So when devices are establishing a connection with a hidden SSID, the SSID is leaked.
Hiding the SSID can actually decrease overall security because computers that are set to automatically connect to wireless networks are constantly sending probes with the SSID when looking for hidden SSIDs. When you set your computer to automatically connect to a non-hidden SSID, the computer only listens for the beacon frames from the access point your computer wants to connect to, instead of having your computer advertise what network it is searching for.
This makes it easy for individuals to spoof your router/access point (when the SSID is hidden) and cause your computer to connect to their network.
Are you confident that devices ordinarily don't do this? The reason I wrote my earlier post (that you responded to with equally amazing information) was because I have read of a journalist who went on a trip with a wifi hacker who demonstrated his skill. They sat down in a café or coffee shop and the guy put a little USB wifi device on the table covered by a newspaper or book. The device had a radio that he configured to broadcast the same SSID as the establishment they were at. Many devices connected to his AP instead of the real one and his computer started deciphering all of the communication between their devices and the internet. He had to do nothing else. The software started displaying passwords for email services and Facebook and the like as they were sent by these devices to those services. I remember reading that "it is encrypted" but that equally it was painless to decipher it on the spot. His device just relayed the connections to the real SSID he was connected to (the real BSSID). He showed the journalist how he could now log into their Facebook if he wanted to and he opened some of these pages (without logging in) and we saw the pictures of people sitting across the table etc. He could send them an email if he wanted to. He also said that his device would probe the devices for lists of SSIDs and we saw (e.g. on the journalist's phone) how the 'room' was being populated with those SSIDs by that device, i.e. the device just posed as all of them simultaneously. I don't know or remember for what purpose.
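As an added illustration of the mechanics discussed in both posts (example code, not part of either message), the following Python parses 802.11 beacon and probe-request frames the way a wireless monitoring tool would: it reports access points beaconing a hidden (null) SSID, clients that name a network in directed probe requests (the leak Brandon describes), and one SSID being advertised by more than one BSSID, which is what the look-alike access point in the café story would look like in a capture. The frames are constructed inside the block; the field offsets follow the standard 802.11 management frame layout, and the SSIDs and MAC addresses are made up.

```python
from collections import defaultdict
BEACON, PROBE_REQ = 0x8, 0x4  # 802.11 management frame subtypes (frame type 0)

def parse_ssid(frame):
    """Return (subtype, transmitter MAC, ssid) for a beacon/probe request, else None; ssid '' means hidden."""
    subtype = (frame[0] >> 4) & 0xF
    if frame[0] & 0x0C or subtype not in (BEACON, PROBE_REQ):
        return None  # not a management frame of the two kinds we care about
    mac = ':'.join(f'{b:02x}' for b in frame[10:16])  # address 2 = transmitter
    body = frame[24:]  # tagged parameters follow the 24-byte MAC header ...
    if subtype == BEACON:
        body = body[12:]  # ... and, for beacons, timestamp(8) + interval(2) + capabilities(2)
    ssid, i = None, 0
    while i + 2 <= len(body):  # walk the tagged parameters
        tag, length = body[i], body[i + 1]
        raw = body[i + 2:i + 2 + length]
        if tag == 0:  # element ID 0 = SSID; empty or all-NUL value = hidden network
            ssid = '' if not raw.strip(b'\x00') else raw.decode('utf-8', 'replace')
            break
        i += 2 + length
    return subtype, mac, ssid

def build_frame(subtype, mac, ssid):
    """Build a minimal management frame: constructed test data standing in for a monitor-mode capture."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + b'\xff' * 6 + mac + b'\xff' * 6 + b'\x00\x00'
    fixed = b'\x00' * 12 if subtype == BEACON else b''
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

def analyse(frames):
    """Flag hidden APs, SSIDs leaked by clients in directed probes, and names served by several BSSIDs."""
    leaked, bssids = defaultdict(set), defaultdict(set)
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed is None:
            continue
        subtype, mac, ssid = parsed
        if subtype == BEACON and ssid is not None:
            bssids[ssid].add(mac)  # key '' collects the hidden-network beacons
        elif subtype == PROBE_REQ and ssid:  # a directed probe names the network the client wants
            leaked[mac].add(ssid)
    return {'hidden_aps': sorted(bssids.pop('', ())),  # pop first so '' is not counted below
            'leaked_probes': {m: sorted(s) for m, s in leaked.items()},
            'duplicate_ssids': {s: sorted(m) for s, m in bssids.items() if len(m) > 1}}

# Constructed capture: a hidden AP, a client probing for it, a broadcast probe, two BSSIDs sharing one name
SAMPLE_FRAMES = [build_frame(BEACON, bytes.fromhex('001122334455'), b''),
                 build_frame(PROBE_REQ, bytes.fromhex('aabbccddee01'), b'HomeNet-hidden'),
                 build_frame(PROBE_REQ, bytes.fromhex('aabbccddee02'), b''),  # leaks nothing
                 build_frame(BEACON, bytes.fromhex('020000000001'), b'CafeWifi'),
                 build_frame(BEACON, bytes.fromhex('020000000002'), b'CafeWifi')]
```

Running `analyse(SAMPLE_FRAMES)` on the constructed capture lists the hidden AP, the one client that leaked "HomeNet-hidden" in a directed probe, and "CafeWifi" as a name served by two BSSIDs; on real traffic, a duplicate-SSID hit is a prompt to check the second BSSID against the venue's known equipment.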