Coro Ranked #38 Fastest-Growing Company in North America, 2023 Deloitte Technology Fast 500™  Read more

Start a Trial 
Watch a Demo
Contact Sales
Become a Partner
Compliance Survey
Get Support

Start a Free Trial

Try Coro for Free for the Next 30 Days

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Coro Platform

Watch a Demo

Explore our collection of recorded product demonstrations to witness Coro in action.

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
See how much time you could save with Coro guarding your business:
Instantly handle 95%+ of email threats
Monitor cloud app security from a single dashboard
Protect devices across the threat landscape
Prevent data loss with a deceivingly simple solution

Contact Sales

Receive comprehensive information about our product, pricing, and technical details straight from our specialists.

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Modules

Become a partner today

Turn your cybersecurity business into a revenue center

"*" indicates required fields

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Modules

Build Your Compliance Report

Does your business satisfy security regulations? Take the survey to learn how your industry, services, and location can impact your compliance posture.
Take the Compliance Survey

Does a Hidden SSID Make You Feel Safe? It Shouldn’t. Here’s Why.

November 15, 2021

Do Hidden SSIDs Work?

The logic makes sense: If it can’t be seen, it can’t be attacked. But that logic doesn’t always work with wireless SSID.

Many businesses and individuals hide their SSIDs (known fully as a Service Set Identifier) with the hope of eluding hackers. A prevailing theory in security has long held that by cloaking an SSID, hackers won’t know your network exists, and thus, can’t penetrate it.

Simply put, that theory is wrong. Cloaking your network isn’t as safe as you thought. Cloaking an SSID may buy you time, and even lull you into a false sense of security, but determined hackers will eventually locate your network. It’s easier than you think; they have the tools to do it.

KARMA Will Come and Get Your Device

The first thing to consider is that an SSID wasn’t created to be a security mechanism. An SSID is a network name and not a password. The SSID distinguishes your wireless network from others in the area. When a wireless device – laptop, smartphone or tablet – tries to connect to a Wireless Local-area Network (WLAN), it searches and listens for beacon and probe frames of the available networks’ SSIDs.

But many businesses and homes cloak their networks. Businesses will tell employees the company SSID so they can connect their devices to the network (or an IT administrator configures access for them). But hackers aren’t fooled; they get help from your device.

Your laptop and smartphone send out probe requests that seek information about nearby WLANs as the device tries to find the access point it’s associated with. Hackers love this because the information exchange between the device and WLAN includes the SSID.

All a hacker needs is a bit of KARMA – a set of wireless sniffing and responding tools that discover devices and their preferred networks by listening to those probe requests and responding. KARMA tools capture probe conversations and display the SSID in plain sight. What’s most troubling is that many of the tools have special features that enable hackers to seek non-broadcast networks.  

This is why you should be leery of using free Wi-Fi in coffee shops, libraries, store and other places. A hacker can sit unnoticed in a free Wi-Fi zone looking for non-broadcast networks. Even if your device is not connecting to your WLAN – and even if the network is miles away – it still remembers the hidden SSID and sends out probe requests looking for it. The hacker simply needs to pretend to be that SSID and gets access to your device before you even know it.

Similarly, a hacker can sit outside your business or home and use wireless sniffing tools to capture the many probe requests all around him.

Don’t Open Your Network to Commjacking

Commjacking – the hijacking of your wireless communications – is a legitimate threat that can cripple your business and cause damage to your personal finances and reputation. Cloaking an SSID, as you now see, not only fails to protect a WLAN but it also exposes devices connected to it.

To truly protect your network, use protocols that are intended to address WLAN threats. Try encrypted communication. Avoid using free WiFi with devices. If you’re a business, consider a Virtual Private Network, and using Coronet on your devices.

It’s not enough to hide from hackers. Taking legitimate security steps in plain sight will protect your SSID and network.  

Coro Cybersecurity News

Expand knowledge in cybersecurity
Coro was built on a simple principle: Enterprise-grade security should be accessible to every business. We believe the more businesses we protect, the more we protect our entire economic outlook.
Copyright 2023 © Coro Cybersecurity All Rights Reserved
chevron-down