It’s extremely easy to find the ID for a “hidden” network—all you have to do is use a utility like inSSIDer, NetStumbler, or Kismet to scan the network for a short while to show all of the current networks out there. It’s really that simple, and there’s plenty of other tools that do the same job.
Don’t believe me? Grab a copy, start it up, and then click the Start Scanning button—within a minute you’ll see a list of every single network in range. You can then identify which ones are using WEP and start cracking them.
Hidden networks show up as Unknown in version 1 of this particular tool, but they do show all of the other data about the network, including the encryption type and MAC address. Version 2.0 of inSSIDer actually does show the SSID for a hidden network. You’ll see in this screenshot the lhdevnet network is hidden.
Real hackers are going to be using tools like Kismet and Aircrack to figure out the SSID before they crack your network, so whether or not a particular tool is showing the right data is beside the point. Should also note that you can use this tool to figure out how to change the wireless router channel and optimize your Wi-Fi signal.
Hidden Wireless SSIDs Actually Leak Your SSID Name
When you hide your wireless SSID on the router side of things, what actually happens behind the scenes is that your laptop or mobile device is going to start pinging over the air to try and find your router—no matter where you are. So you’re sitting there at the neighborhood coffee shop, and your laptop or iPhone is telling anybody with a network scanner that you’ve got a hidden network at your house or job.
Microsoft’s Technet explains exactly why hidden SSIDs are not a security feature, especially with older clients:
A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.
Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks.
The behavior is a little better in Windows 7 or Vista as long as you don’t have automatic connection enabled—the only way to be sure that you’re not leaking the network name is to disable automatic connection to wireless networks with a hidden SSID. Microsoft’s explanation:
The Connect even if the network is not broadcasting check box determines whether the wireless network broadcasts (cleared, the default value) or does not broadcast (selected) its SSID. When selected, Wireless Auto Configuration sends probe requests to discover if the non-broadcast network is in range.
How Should You Secure Your Network Then?
When it comes to wireless network security, there’s really only one rule that you need to follow: Use WPA2 encryption, and make sure that you are using a strong network key.
If you’re not using encryption, or you’re using the pathetic WEP encryption scheme, it doesn’t matter whether you hide your SSID, filter MAC addresses, or cover your head in tin foil—your network is wide open for hacking in a matter of minutes.