wifi – iOS 10 Warning: Hidden Network Can Expose Personal Information

ios, privacy, security, wifi

I am aware that 'hiding' a wifi network/SSID does not make the network MORE secure, but Apple's warning on iOS 10:

Using a hidden network can expose personally identifiable information

seems to indicate that hidden networks are LESS secure.

Clicking the 'learn more' link does not give any further info supporting the claim.

Exactly how can hiding an SSID make the network any LESS secure (by "expose[ing] personally identifiable information")?


Best Answer

Clients that connect to known networks automatically will advertise “hidden” SSIDs in all of their probe requests. This results in your device broadcasting those SSIDs everywhere you go, to anyone who’s listening.

This behavior is dependent on the client’s operating system. For instance, you can configure Windows 7 and later to not connect to hidden networks automatically (only “visible” ones). That prevents such broadcasts from happening, but then you have to connect to hidden networks manually every time.

On the other hand, iOS and macOS always connect to known networks, hidden or not. The fact that iOS 10 warns about this would indicate that Apple has no plans to add the kind of toggle switch that Microsoft added in Windows 7, or to force the user to connect manually. Therefore, iOS and macOS constantly broadcast all the hidden SSIDs they are capable of connecting to.

Microsoft explains this behavior on TechNet:

A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.

Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks.

Now as to why this is a privacy issue:

  1. Should I point out the irony of broadcasting an SSID in the direct vicinity of the access point trying to hide it? Except instead of only having the AP broadcasting it, every client in range does. Then the AP responds to each of those clients with the SSID anyway.
  2. Instead of limiting SSIDs to the vicinity of their respective APs (like in the case of visible networks), your phone goes and broadcasts those hidden SSIDs to everyone near you, everywhere you go. Worse, SSIDs may include first and/or last names, which I’ve seen people use in network names.
  3. Your set of preferred hidden SSIDs acts as a signature that may uniquely identify you. Let’s say for instance that my neighbor uses the hidden SSID My Secret SSID. Now if I sniff a broadcast beacon containing My Secret SSID at Starbucks, I can infer that a member of his household is nearby, or one of his guests. Based on the other hidden SSIDs among that person’s broadcast beacons, I may be able to determine exactly who I’m dealing with. Conversely, I could walk up to that person, recognize them, then assign a face to their unique set of hidden SSIDs.
  4. Let’s say you carry your phone with you everywhere you go. Someone with a large-enough network of radio receivers could know where you are at any given time, figure out where you work, where you spend your time, whether you’re home, etc.

1 and 2 show how trying to hide an SSID makes the privacy of its network much worse. 3 and 4 show how that extends to your personal privacy as well.

Sound far-fetched? Criminals/advertisers/jealous exes/the government have done worse things. In fact, MAC addresses were once used to track shoppers’ movements through malls. Apple subsequently randomized MAC addresses in probe requests.

Thankfully, no one I know has used a hidden SSID in well over a decade, and I haven’t seen that practice recommended in even longer.

Bottom line: don’t hide your SSID. It achieves the exact opposite of what you think it does.

Update: Since there seems to be some confusion as to why you can’t connect to a hidden network without broadcasting it to the world, as well as about security vs. privacy, let’s make a fun analogy.

Imagine a driver (the AP) is picking you up from the airport. They don't know you, and you don’t know them. So they hold up a sign that reads, “John Doe.” When you find them, you (the client) go and tell them, “I’m John Doe.” This is what happens when connecting to a broadcast network.

Now, imagine that driver is trying to be super covert, and doesn’t hold up that sign. What happens now is you have to walk around yelling, “Who’s picking up John Doe?” over and over, until finally the driver steps forward and responds, “I'm picking up John Doe.”

In either case, you then exchange credentials, make sure you’re each who you think you’re dealing with. What happens after authentication is just as secure either way. But every step leading up to it compromises your privacy.
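The following is an added example, not part of the original answer: a small Python audit that parses 802.11 probe request frames from a capture of your own device and lists the network names it discloses, showing that a directed probe carries the hidden SSID in cleartext even when the source MAC is randomized. The frames, the MAC address and the name `Home-Hidden` are constructed sample data, and the function names are hypothetical.

```python
import struct

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Constructed sample: 24-byte 802.11 management header, then tagged elements."""
    bcast = b"\xff" * 6
    header = struct.pack("<HH", 0x0040, 0) + bcast + src_mac + bcast + struct.pack("<H", 0)
    rates = bytes([1, 2, 0x82, 0x84])  # Supported Rates element, included for realism
    return header + bytes([0, len(ssid)]) + ssid + rates

def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID, MAC looks randomized), or None if not a valid probe request."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x03, (fc >> 2) & 0x03, fc >> 4
    if (version, ftype, subtype) != (0, 0, 4):  # management frame, subtype 4 = probe request
        return None
    src = frame[10:16]  # Address 2 is the transmitting client
    pos = 24  # probe requests have no fixed fields; elements follow the header directly
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            return None  # truncated element, do not trust the frame
        if eid == 0:  # SSID element; length 0 is a wildcard probe that names no network
            if elen > 32:
                return None  # SSIDs are at most 32 bytes
            randomized = bool(src[0] & 0x02)  # locally administered bit (heuristic)
            return src.hex(":"), body.decode("utf-8", "replace"), randomized
        pos += 2 + elen
    return None

def disclosed_ssids(frames):
    """Map each source MAC to the set of network names it sent in directed probes."""
    leaks = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:  # skip wildcard probes, they disclose nothing
            leaks.setdefault(parsed[0], set()).add(parsed[1])
    return leaks

RANDOM_MAC = bytes.fromhex("021122334455")  # constructed, locally administered address
SAMPLE = [
    build_probe_request(RANDOM_MAC, b""),                # wildcard probe (visible networks)
    build_probe_request(RANDOM_MAC, b"My Secret SSID"),  # directed probe for a hidden network
    build_probe_request(RANDOM_MAC, b"Home-Hidden"),
]
```

An empty result from `disclosed_ssids` for a device means it sent only wildcard probes during the capture, which is the behavior you get once no hidden networks are saved on it.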