Maybe I should have been clearer in this video about how hiding SSIDs negatively affects roaming between APs. It seems a lot of comments are from people who are only thinking of single AP home type setups. There are technical problems with hidden SSIDs. I may make another video at some point to demonstrate this more clearly.

Hidden SSID's have a real world benefit that most people seem to miss. It's the benefit of not cluttering up the SSID list with wireless networks that are never intended to be joined by a human. For example, IOT devices on their own secure vlan, streaming media, security cameras etc...

I think hiding the SSID is still useful as it hides it from casual users doing a scan of available networks.

Just because there's not a security benefit to hiding an SSID doesn't mean it isn't useful. Come into my office and the only SSID you'll see on your phone is my Guest network. We have several other hidden SSID's for corporate laptops and other special devices (all secure). Hiding the SSID makes for the appearance of a clean environment and removes the question of which SSID people should connect.

I deploy 802.11 networks in entertainment venues for control. Hiding your BSSID is simply a way of stopping several thousand smartphones polling your AP constantly in the background. As a security measure it's not particularly effective, though I don't think anyone has really thought that it would be for many years.

Main reason I hide SSIDs in deployments is to remove any networks that users shouldn’t bother trying to connect to. Is the network only for certain devices with no UI? Hide the SSID. Is the network supplied via a GPO to clients and uses WPA2 Enterprise for auth? Hide the SSID. Etc. etc. ad nauseum. That way a user looking for the guest WiFi will see that at the top of the list, and doesn’t get confused. And it makes ever so slightly harder for an attacker to enumerate the infrastructure, not much, but ever so slightly harder. Does it stop anybody? No, but then again, most things doesn’t entirely. And security through obscurity does have it’s merits, try logging all connection attempts to a server exposing SSH on tcp22 to the internet, and then compare that to what happens if you move SSH to say tcp23.

So let me get this right, the reason why the hidden SSID is bad, is because "I have to type it in manually", but the guy trying to find me needs more time and a bit more knowledge to find the SSID? ...

A friend of mine asked me to set WiFi up for his family, but he wanted it on a schedule that switched off the WiFi at 10:30pm, so the kids didn't stay up all night playing on their phones... so I also set up a hidden SSID for the parents to use late at night when the main SSID shuts down as he didn't want the kids to know there was another way to get on the internet... worked pretty well for them.

I agree that hiding the SSID is totally useless for security and I don't think it was ever intended as a security feature. That does not mean however that there is no use for it. Just one example of many diverse uses - let's say you have a commercial establishment, like a shopping center and you provide free WiFi. Apart from that you have a separate network that is just for point of sale machines and maybe yet another for security cameras. It is pointless having the latter two show up on clients' SSID list when they go to connect to the WiFi network - it is just clutter. It's just aesthetics perhaps but why not make things cleaner and more sensible when you can at no cost?

Security, no. But, when you've separated your WiFi into multiple SSIDs, using separate VLANs, it's nice to hide those that you do not need to connect to from your personal devices. i.e. I don't broadcast my IoT SSID, as no one needs to be able to quickly connect to it. So, to say don't do it, is not a very good thing. There are purposes for hiding, it's just not for security.

If you can't think of a reason, that's on you and not the technology. We deploy non-hidden SSID APs for the entire building. The hidden SSID's are used in places where there are already public SSID's available for general use. The hidden ones are WIFi routers are used to make sure, along with MAC address whitelists, that only those approved devices connect to it. These devices are not 100% foolproof, but with separate DHCP pools using a different subnet on a different IP block, and host allow/deny lists on servers, it is far more difficult to accidentally browse that network connection. As the power on the router wireless signal is set low and the concrete and rebar make it virtually impossible to browse from outside the area it is in. The hidden feature coupled with a public WiFi SSID in the same area provides cover and reduces the likelihood that someone goes looking for what I don't want them to see.

I don't use Hidden SSID's for security, but I use it for a wireless bridge to other AP's because no one needs to see that and be confused by it as far as end devices.

I've always told people hiding an SSID is not intended as a security measure it isin fact meant really for infrastructure networks soyou're not bombarded by a million Wi-Fi networks or your phone every five seconds saying there's a wi-fi network available

There is only one place that I have ever setup hidden SSID's in my 19 year career of a wireless engineer, and that was for a public guest wireless solution in the middle of a city and the sole purpose was to minimise DHCP exhaustion from every Apple device at the time (configured by default) to connect to any open wireless network and suck the DHCP scope dry in minutes as they walked past the network!

I have to disagree that there's no benefit. I'll explain. At my work we have public wifi - weak signal. I installed some range extenders - It's a huge place. 200 employees. . Soon I was inundated with accusations of "breaking the internet" because the users would not clear their cache because they didn't know their various passwords and hadn''t rebooted in 3 years. . Suddenly the range extenders disappeared and so did the accusations. Where did it go? I dunno - It disappeared. They simply didn't have free WiFi anymore and I had peace. Only one of us has unlimited free internet now. . You're assuming here that the average user can actually do anything more than bumbling through calling somebody on their phone. That's about all they know and " don't touch my phone - it's perfect" . There is a place for hidden ssid's.

You're assuming that people do this for security. But there are other reasons. For example we hide an SSID as users constantly tried to connect to this SSID instead of the Guest WIFI and generated heaps of service desk tickets. We hid the "problem" SSID and the calls stopped and users had a better experience.

I have hidden SSID on my network, but it is basically only to "hide" it from regular network scan for when people want to connect to a new network. Not a security thing, just so it doesn't show up in the list and people might pick the wrong one. Also, I don't share my network with anyone so, there is no need to have it "visible" like default. I could of course go with a visible one, but why "clutter" the lists? :)

We hide networks for thermostats and smart switches for larger installations in hotels.

I don't understand why people hide their debit/credit card from the public eyes instead of going around having their debit/credit card stapled on their forehead. After all, it is not like people who aren't supposed to use it will be able to use it anyway because they don't have the PIN of the card. So, yeah, DON'T DO IT.

There is a benefit its a extra step in cracking it. You just hate it because its less user and scriptkiddy friendly.

There's no issue with hiding your SSID, just don't do so believing it's adding any significant security.

You clearly dont work with large amounts of devices and networks.

they serve purposes, I usually create hidden ones for the tech and admin staff, that has a fixed password not integrated with the radius authentication. so that I will not get questions from normal users asking how to attach to it. They are not a big deal and they are not security features

I used to hide my SSID when I lived in a dorm. We weren't exposed to have any routers (I know a wifi AP is different but I had both). I know if someone in IT wanted to look for roge APs they could find mine but it limited my chance of someone locating it. I also broadcast only in 5G with the power turned way down and used an unused DFS channel so I wouldn't be overlapping any channels the school used.

Having a good excuse not to give connection when there is someone at home having a party with a lot of people you don't know.

Do Hidden SSID's help in privacy from google-maps, and other companies running mapping-cars on public streets to capture geo-located images/videos and SSID's ?

"it just makes it more of a pain when you have to manually set things in your phone"... yes that's the benefit. Wifi Hidden SSIDs - feel free to do it if you want or have reason to.

You forgot to mention that usually when you "hide" something it just make people more curious about it... 😂

So more of a pain in connecting your own devices to your network and not necessarily creating security bug vulnerability when hiding the SSID.

Would this not stop the Google streetview wardriving car from updating its database of access point ssid/mac's ? or at least hinder it somewhat ?

The video title suggests that hiding the SSID is not safe, which is of course not true! I was about to restore the SSID, but I watched video to the end and I won't change anything.

I have the best wifi security. It's too weak to barely even reach the rooms in my house and it can't reach further.

I can agree that hidden SSID should not be confused with network security, but it is not without reason. If you allow public WiFi access, it will help that public know which SSID to connect to if you hide your private, privileged SSIDs. It is also considerate in a network rich environment, like in or near an apartment building to hide your SSID to keep the available networks list shorter for your neighbors. To avoid the extra typing, just set up client devices first then switch to hidden SSID.

does this also hide the bssid? cuz if it does then how can the hacker sniff incoming and outgoing packets without knowing which bssid to scan?

Question, but you are capturing from with in the AP network this is why you see the packets correct me if im wrong. Now if someone is probing ssid's with a sophisticated sniffing tool they still can't see the ssid name because its not broadcasting right? unless they're lets say your mobile device thats been comprimised and are able to see your packets. I'm just trying to understand how can a wifi hidden connection get comprimised if during transit of credentials the devices are not that are comunicating aren't comprimised. Good video though on how to read the packet capture.

Am I missing something. He says hiding said is a hassle. Isn't that the point? An expert will sniff out your said easily but hiding your said will deter the simply curious and that's something to consider. However disabling said broadcast reduces airtime efficiency by increasing mgmt overhead.

Wow what an empty video. The only thing it demonstrates is that you have to type the ssid when it's hidden (wow breaking news) and that the protocol displays the ssid in handcheck (second breaking news). Security is provided by the strength of the key you created that's it. But it doesn't mean that you shouldn't hide your ssid for other reasons. And "oh no you have to manually type the ssid" is not a valid point at all. If an "expert" can't think of any usage, I guess it's time to drop the functionality. Or change the expert maybe? 🤔 Your choice

Great video! Thanks for sharing your knowledge with us!!

Easing the life for others by reducing the numbers of networks they are never meant to join does not count as useful.

I assume your wireshark instance is already in the cwne88 network, this why you have the BSSID in this instance? if a hacker from outside has no clue what your wifi name is and doesnt know what type of router or AP you use for making the wifi connection possible, would it not be more challenging for them to get such info? i'm sure there are tools that can get info from mass probing, but there would still be a guessing game for passwords/phrases and so forth if the beacon advertisement (MAC addr) was captured. Seems like a much longer process than just showing a sniffer that is already on the network being accessed from your phone. still I'm open to correction and guidance in my understanding. If comment is accurate then like else rm -rf /

I just do it to hide it from my neighbours. Theyre not at all tech savvy but they love complaining about my network pushing theirs away, so I just hide it now

I like it when he said 'Just enjoy your network'.. cheers mate

I don't agree at all, I always hide my SSID because there are some people around me that I don't trust at all and by hiding my SSID I haven't seen any funny business anymore from them trying to get into my network and I also own a Raspberry Pi 3B+ which isn't able to connect to my wireless network when I hide my SSID which means I know that there must be more devices not being able to connect so to my opinion just for those two reasons alone I believe that hiding your SSID is better than just telling everyone around you here I am ready to get hacked. I also live right next to a public library, a school and a supermarket and that's another reason why I hide my SSID, I don't want all those people being able to see my network and I don't share my network with anyone not even with my friend because I just don't trust nobody so I will keep my SSID hidden because I believe it's beneficial to me. Best regards, Ricardo Penders

I see huge number of APs with hidden SSIDs and WPA2 Enterprise security in residential areas. What are they?

It helps if you don't want your neighbors to bug you for the password

So what happens after the connection is established? Does the ID get transmitted when traffic for a website gets sent of received? If the ID only gets transmitted during the connection process, then there has to be someone monitoring the Wi-Fi during the connection phase. People driving by looking for Wi-Fi connection would probably miss things. After the connection most everything is encrypted is it not?

Pfffr. There are legitimate use cases for hiding SSID's that have nothing to do with security. Do your research before saying it's crap and a blanket "Just don't do it". Expert--.

When the SSID is hidden and client configured to connect to a WPA network, is the SSID still sent in plaintext?

How about so when people close by are connecting to a network and you don't want them to see the same network you use

Is it okay to use hidden SSIDs for a wireless bridge? (Two directional Access Points as a transparent bridge to get network access to a remote building).

Ok, so maybe i will keep my front door opened too, because anybody with the right tool can open it anyway if kept closed,right? so to keep it closed doesn't make sense i guess...C'mon...

Hiding SSID is kinda useless when on pc because it will still broadcast that there is a network that is hidden hence the "Hidden Network" showing up on the WiFi list on desktop but not on mobile. This just attract hackers that uses laptop to force their way in your local network with more powerful tools. It's been years this has been implemented and I wonder why it can't be completely hidden. Just use the latest security standard WPA3

Too many jargons for me to understand. I have a MeshForce and only wan to connect my work devices. I do not want my kids discovering an additional Wi-Fi network. How can I hide it? In the time being, I have given it a name similar to one of my neighbors so they would never notice it.

Bro is onto absolutely nothing 💀💀

From your last comment/sentence you said at the end of this video mentioning "people having a false sense of security by hiding their SSID" tells me that your intent to make this video was to deceive people in thinking there is no reason to hide your WiFi SSID. In fact, there is absolutely a reason to HIDE your SSID. What people can't see, they can't hack (or at least it makes it more difficult). Think of it this way... Say there are two houses next to each other. The front door on the right house is closed and most likely locked (hidden SSID). The house on the left is clearly open (SSID NOT hidden a.k.a. Broadcasting). Which house would a thief hit? The point is hiding an SSID is a better deterrent than broadcasting your Wi-Fi's SSID name to the world. PERIOD! If you think your video would confuse people in determining your actual intent to educate people with APs, then take this video down and make a new one. You absolutely sound like someone that drives around looking at all the Broadcasting wifi SSIDs and tries to hack in and steal people's banking info!

I didn’t hide it, it did it on its own!

I had a hidden network show up on my laptop and I could not turn it off. The next morning it was gone. What was this?

Isn't there a benefit of no useless probes? Wouldn't the wireless reception be better without all the probes in the air, especially in crowded spaces (e.g. at a concert)? Or is that effect immeasurable?

I just hard code the MAC address to the router for all the devices I want to access the router and ban everything else and hide my SSID. it works wonders for me for years. never had a problem. And my connections is super quick. Not to mention I run pfSense on my network :P

hey bro , does hiding wifi causes any connection issue ?

Great video. I’ve heard that hiding the SSID will increase network traffic. I was hoping to see an answer in your video if this is true or not. Can you confirm this? Dennis 🇳🇱

Your MAC looks like it's in Lidcombe ?

For hiding it from an average user it is usefull. A few tears back with data caps. And visitors asking if you have wifi

My phone detect a wifi signal not encrypted name it's name "wkwk" but according to my wifi security app it's has unknown ssid. What does that mean? Thank you

You can use tools like Kali Linux with Airmon to watch all the SSID and once a device tried to connect to hidden SSID it catches it for you. Good video. Thanks

same with airodump ,, even if its ssid hidden , soon as a client connects the ssid automatically shown .. so pointless having it

IMO is better to hide ssid. Don't want to show others if I have any wifi.

bummer, i thought you were going to do a cain and able hack :(

what you should have done, is trying to capture communication between the 2 devices after authentication to see if the SSID will be shown, authentication happens one in year or so, but traffic every second

makes sense.

Why shout your identity and give your neighbors a hint of what to attack? I've seen people driving around in neighborhoods trying to connect to the neighbors' WIFI, and I can guess with relative certainty who's who on my street with the funny names (usually matching personalities :) ). Why offer your name and remove 50% of the guess-work for an attempted hack? OTOH, if you use security best-practices, you're safe, and it certainly is easier to manage your connections when you can see and click. Very nice explanation and visual presentation! Cool stuff to ponder.

But why is it less secure? I have a message on my iPhone that tells me that using a hidden network can expose personally identifiable information. Can you explain why this is less secure

Want to hide your network: use cables

What's that screen you got? please!

Hidding SSID seems like removing the handle from your door to achieve "better security".

This is my thinking...If you have a home with your private wifi and you hide the ssid you must put the credentials maualy only once on every device...there are 99% people that will thought that in your house is no wifi and this is good (no password guessing or trying to get on the wifi)...but there is also 1% of "smart people" and hackers that can shiff the network...but the main fact is that 99% of regulary people if the smart phone are not showing the wifi think that there is no wifi. Soo in some way I thing that hide SSID is no so bad idea.

BSSID is meant for when you don't want your network to be "visible" to other clients. Knowing the SSID allows a client to not only remember the network but also subject that AP with access attacks. To put it another way, if a device cannot identify your network (even if it can see a hidden one), it won't be able to attempt to connect. The way you make a BSSID secure is to enable WIRELESS ACCESS CONTROL on your AP. Now even if the client does have the BSSID and password the AP will boot it off at the MAC address level if that device hasn't been added to the list of unique MAC addresses allowed to connect. And without physical access to the AP first, being able to connect any device will be impossible. This holds true when trying to connect to a shared guest network as well that requires no password. If you go through a lot of wireless devices frequently (tech reviewer) it can be a pain to constantly update this list, but if you only have a few clients around setting this wireless access list will only need to be done once. Combined with a BSSID it will make your network pretty much invisible and impossible to connect to for outsiders. But no, telling people just to not use BSSID is WRONG when it actually gives you an additional layer of privacy FOR FREE.

Your voice tone sounds like someone who knows what he's talking about, but that's about it.

Question, I know somebody who insisted on running their temporary and mobile network with the SSID hidden, saying that it avoided having the crowds trying to pin it looking for an internet connection during the concert trying to connect bogging down the control Network. If I'm remembering this right he also used WPA2 encryption, so I was like nobody's going to be connecting to it anyway they don't have the password. And cell phones aren't really going to be pinging it any more than they would to get the name which is broadcast. I am fairly well-versed in networking and audio and this person was more to the latter so when he had it set up and working then you didn't want to touch it. it didn't help that I plugged in my access point and suddenly nothing worked when he turned it on so I must be the problem. Consequently I spent a literal hour trying to connect to his Network because I kept getting the spelling wrong without knowing it, and I couldn't get the spelling right because I couldn't connect to the internet to use speech to text. Which is one of the reasons why on my networks on a temporary basis still connected to the internet if I can. Of course what also didn't help is that we were all standing in a giant white parabolic dish Bandshell boiling away....

Such foolish advice. it is the difference between passive or casual listening and intentional snooping. When you hide the SSID one must be snooping to get the information. When you are broadcasting, it is easily seen all of the time. This is substantial. I hope you do not put yourself out there as a CISSP or similar.

sadly there's no hacker in my neighborhood :( so i keep my ssid hidden :)

Why do all secure buildings hide them then

I have a hidden network that comes and goes on my computer What is causing it? I am not doing it.

requiring a packet capture to even interact with your AP is, objectively speaking, a security improvement even if it is a trivial one. i'll admit that's kind of a pedantic point though. on the other hand, if you have an AP that is only ever going to connect to a few devices that rarely change (e.g. a home network for your phone and laptop), then why not have it tell other devices in the area that it's supposed to be ignored? isn't that what the feature is for? broadcasting your ssid is a little bit like having a public DNS entry that points to resources on a private network. it doesn't impact security (beyond i guess leaking a bit of information), but what is the point of broadcasting information that is only useful to clients that already know it? it's just messy. i understand the purpose of this video is to set people straight if they think "hidden" means "the ssid is a second password" but i'm not sure that's a common misconception among people who even know that hiding your ssid is an option (as evidenced by the comment section of this video.. if lots of people were coming here after seeing "hidden ssid" in their wifi settings and thinking its a security feature i feel like most comments wouldn't be some variation of "yeah obviously it isn't for security; i use it for XYZ though, so it isn't totally useless". i got here because i was looking for information on the roaming/autoconnect issues you eluded to, for example).

If you had a single direct wifi router ,you shouldnt hide it , if you had home network system you can hide the main service provider router.

heeeey im in a big trouble now. please help me asap :(. i was in the toilet. i was curious about wifi settings. then i messed up. i think what i did is hide the SSID. but when i try to type the SSID and PW with the right upper and lower case still i cant find our wifi. my guess is the one who renamed out SSID have spaces and bcoz its invisible i have to random guess it. or not i dont know. but i cant find our wifi. im only using my smartphone and i have no other device at home. pleaaase can you show or teach me other option. like even how to factory reset this wifi so that i can start from the basics again

This has always confused the shit out of me. I absolutely agree it's not a good overall security solution as it really doesnt do a whole lot in the way of hiding the SSID since what hackers are targeting is the handshake which contains the SSID. Plus the supplicant (client) is screaming "Does $SSID exist here" into the airwaves (If the client is storing the profile for the SSID and wireless in enabled on the device). But if you are not constantly connecting clients to the SSID this absolutely can make it more challenging (Not impossible) for a bad actor to enumerate the SSID of your network. Yet everyone seems to take the "It's bad security practice to hide your SSID" approach or "Dont do it" as you put in the video title. Everything you do to make it mildly more challenging for an Attacker is good security practice. Do the cons outweigh the benefits? I think that is more subjective than anything. The core of the issue here is the handshake tho - NOT whether or not your beacons contain the ESSID.

Yeah I can see that in the wire signal is eak

I don't think this video makes much sense... You had to know the SSID in the first place. It's a form of security by obscurity in my opinion.

I still don't understand why you say there is no benefit in hiding the SSID. If no one is connected with an iPhone, let's say you are away on vacation, the SSID is not transmitted at all and no one can discover it. Am I right?

Sure, there't no point of hiding our SSID in the house because everyone is a networking expert and often use the packet capture software to look for hidden SSIDs around their house. Got it.

What about a point to point link.. isn't it a good thing to hide the ssid

Stating the obvious ;)

I see all these people disagreeing in the comments, but he is absolutely correct. A person doesnt even need your ssid to attack your wifi or to attempt to crack the password. With airmon-ng on a kali box I can get your bssid which is all someone would need. The best security measure you can take is to have a long password. I personally use a phrase with the words spaced with special characters and numbers.

"well apart from being crap" okay, you have my attention hahahahahahaha.

How is this not an added level of security?? it’s not useless…

This music. 10/10

No real hackers in the comments... We now have an idea about his home security system (a penetration tester will notice it.) I won't/can't exploit this knowledge, but he should have turned the camera down a couple of degrees. This is not something you should advertise. All the same, fun video.

I do it

I was expecting more, for example in the PCAPs to see more detail being shared on hidden vs broadcast, I was disappointed in this video. Didn't learn anything, not a single thing. I was expecting more from a CWNE, apparently that designation is like the CEH, just because someone has a CEH(Certified Ethical Hacker), one would think someone who has the CEH is a hacker, frequently they definitely are not hackers, the certificate title tricked me. I'm thinking CWNE is the same after this video, just because the certificate contains the word expert....I wouldn't be too sure after this video.