Connecting to hidden WiFi spots

[steveh552]

I have a hidden WiFi connection at home and I cannot seem to find out how in my phone to connect ot this network. The only options I have are scan which only finds unhidden networks and advanced cut it will not let me enter in the info. Any help would be great.

 

[gabbott]

Honestly, the best solution is to not hide your SSID, it really offers you no security by doing that. Just make sure you are using WPA/WPA2 encryption. Anyone sniffing could easily find your SSID regardless of broadcasting or not.

Here if you want a read:

http://www.howtogeek.com/howto/2865...hiding-your-wireless-ssid-really-more-secure/

Even Apple mentions the same (look under the hidden network section):

https://support.apple.com/kb/HT4199

 

[liteon163]

Um, yeah. What HE said.

WPA2 is stronger. And it's easier to come up with passwords, since they don't have to be in HEX.

 

[steveh552]

I understand what is being said, not seeing an answer to my question.

Sent from my SCH-I535 using Android Central Forums

 

[Rev2010]

I understand what is being said, not seeing an answer to my question.

Sent from my SCH-I535 using Android Central Forums

Under the list of available networks scroll all the way down and choose "Add Network". Then simply put in the information for your home network.

I used to use a hidden SSID but did have some issues, for some reason the wife's laptop running Ubuntu Linux (that I installed) would often not connect when the SSID was hidden so out of frustration I unhid it. The others are right, while a hidden SSID is a nice security step if you have WPA2 enabled as well as "Remote Management" disabled in the router settings you'll be more than safe. Turning off remote management means no one can access the router configuration pages over wifi, only if they are connected via an ethernet cable. My main machine is connected via a cable so this is fine for me. I tested this extensively and while you do get a login prompt even entering the password 100% correctly you still can not login to the router's configuration.


Rev.

 

[steveh552]

That's the answer I was looking for. Thank you

Sent from my SCH-I535 using Android Central Forums

 

[Rev2010]

That's the answer I was looking for. Thank you

Sent from my SCH-I535 using Android Central Forums

My pleasure! Feel free to use the "Thanks" button


Rev.

 

[gabbott]

Glad you found your answer. I know my post was more commentary on wireless security. In some cases, like in a work environment where an employer has disabled broadcast there isn't an option other than trying to work around it. In a home environment where one has control of the wireless I still stand by it's just better to leave SSID broadcast on. One is only "hiding" their wireless network from people that wouldn't even know how to attempt to get through the encryption anyway.

Since both MAC addresses and SSID are sent in each packet in plain text (regardless of encryption being enabled) it is quite trivial to gain that information, hence it not offering any more security than just using encryption with a strong password. You can't block where the wireless signal penetrates, it's different than a hardwired network that you can secure the premise physically. So anyone with know how to even attempt to get onto your encrypted network can easily find the SSID.

The wifi standard was designed to have an SSID beacon. It was only the manufacturers that put the option in to disable it that people used it as an option for what they thought was more security.

A few years ago, when I did things like even going as far as disabling DHCP thinking it offered another layer of security, I used tools online to try to hack my own wireless and learned quite a bit. Security by obscurity is really more a false sense of security if anything.

 

[Rev2010]

A few years ago, when I did things like even going as far as disabling DHCP thinking it offered another layer of security,

I disable DHCP as well, all my internal machines are static IP (PC's, Laptops, XBOX, PS3, cellphones, etc). On top of that I use a WPA2 security key and I also disable the ability to connect to the router for configuration over Wifi. All these things together create more than enough security. If I wanted to go balls out crazy I could enable only specific allowed MAC addresses, turn off SSID, use IP filtering etc, but that is insanely tight security and I would have to update the router for each and every new device or machine upgrade. The maintenance aspect makes it a real PITA and not really worth it honestly.


Rev.

 

[gabbott]

I disable DHCP as well, all my internal machines are static IP (PC's, Laptops, XBOX, PS3, cellphones, etc). On top of that I use a WPA2 security key and I also disable the ability to connect to the router for configuration over Wifi. All these things together create more than enough security. If I wanted to go balls out crazy I could enable only specific allowed MAC addresses, turn off SSID, use IP filtering etc, but that is insanely tight security and I would have to update the router for each and every new device or machine upgrade. The maintenance aspect makes it a real PITA and not really worth it honestly.


Rev.

What I learned though is things like MAC address filtering doesnt gain you any more security. Someone can sniff your traffic and see a valid MAC in every header (even of encrypted traffic) and spoof the MAC. That info is always sent in clear text over the air. Same thing with learning the IP subnet you are using. It just ends up making more administrative work for yourself. You aren't gaining any more security by doing those things.

Moral of the story is just use the strongest encryption you can with a strong password.

 

[Rev2010]

What I learned though is things like MAC address filtering doesnt gain you any more security. Someone can sniff your traffic and see a valid MAC in every header

But it does. While mac address can be spoofed of course the difference is it would only be done by more advanced hackers, so it would in essence filter out a good amount of lower end hackers trying to gain access. Just like most locks out there can be picked, but some are much more complex and would require more a master lock picker to gain entry... so while still not completely impenetrable it does improve security overall. Not trying to debate with you, and trust me... I've done hacking (non-illegal) for a few years in my life and have read many of the hacking books in print. Point simply is securing your network to a certain level can filter out 90+ percent of the average level hacker thereby increasing your network security. Chances that your network would be hacked by the 5% elite is rather unlikely.


Rev.

 

[gabbott]

But it does. While mac address can be spoofed of course the difference is it would only be done by more advanced hackers, so it would in essence filter out a good amount of lower end hackers trying to gain access. Just like most locks out there can be picked, but some are much more complex and would require more a master lock picker to gain entry... so while still not completely impenetrable it does improve security overall. Not trying to debate with you, and trust me... I've done hacking (non-illegal) for a few years in my life and have read many of the hacking books in print. Point simply is securing your network to a certain level can filter out 90+ percent of the average level hacker thereby increasing your network security. Chances that your network would be hacked by the 5% elite is rather unlikely.


Rev.

I look at it as it would only be those advanced hackers that would be able to get past the encryption and for them, the 30 seconds it takes to find a MAC and spoof they could get past. The lower end hackers that can't even do that for finding a MAC wouldn't stand a chance against encryption.

A good read:

http://www.grc.com/sn/SN-011.pdf

It is surprisingly easy to get past a MAC filter. Given how hard it would be to crack a WPA2 encrypted AP with a strong password, if someone could... you'd bet they can get past a MAC filter.

 

[Rev2010]

the 30 seconds it takes to find a MAC and spoof they could get past.

But see, that's where you are wrong... it's not a 30 second thing. They would have to "camp out" so to speak and sniff until someone on the home network uses the connection. I am at work all day, and I am not on my computer all night long so they would have to be sniffing when I am using my connection to get my MAC to spoof to begin with. And I am hardwired so they can't get my MAC address, they would have to wait till my wife used her laptop which is even more rare. That equates to better security. And having to not only hack the encryption, they would also have to spoof a MAC address on top of it. And, with my remote admin turned off they'd only gain access to my internet access, they wouldn't be able to change the routers' configuration.


Rev.

 

[gabbott]

It's a good debate

Agreed that they would have to sniff a packet on an active connection, however think about how long it would take to sit there and brute force a WPA/2 encrypted connection, a loooong time. Time enough that at some point you'd be using that connection.

Unless one uses a weak password we are talking much longer than a few hours. They'd have to "camp out" anyway.

And yes, disabling access to the router admin interface from the wifi network is a very good idea.

http://www.maxi-pedia.com/how+to+break+MAC+filtering

http://www.maxi-pedia.com/how+to+find+MAC+and+IP+addresses+in+network+data+stream

 

[Marukatsu]

I tried to do that with my phone but I don't have that option... Any other way??

 

[smacknee]

To hijack this back to the original subject, I'm trying to connect to a hidden SSID at work (so I am not able to change whether it's hidden) and the Samsung Galaxy Note 10.1 does not seem to offer me a Wifi Settings prompt so I can tell it to check hidden SSIDs. Typing in the correct network name, security type and password generates a wireless connection that just says :"Not in range". Is there a way around this?

 

[meyerweb#CB]

Are you able to connect to it when you first set it up, by specifying the SSID, password, etc.? And does this network show up in your list of WiFi networks, as "out of range"?

If so, this might work for you. It works for my hidden SSID network at home. Go to the WiFi screen in settings. Turn WiFi off, then back on. The hidden network should show up as visible for a minute or so, and you can then tap it an select "connect."

 

[chinmay bhat]

Guys dont worry here is a simple step to connect to hidden networks
your network ssid is case sensitive as password

1-- create a new network even it is already listed when ssid is broadcasting
2-- type ssid and encryption details and password exactly same as network has
3 -- hit finish or done thats it it will get connected if its not there might be mistake in some name or password
:'-\

 

[GotR00t]

Guys,
the original ask was " I cannot seem to find out how in my phone to connect ot this network.". Please take the time to read and reread the question before answering trivial, irrelevant things like how to unhide your SSID. If he wanted to know if it was better to hide or unhide a SSID, that would have been the question. Right? Right.

 

[Rukbat]

And the answer is simple - since Android isn't built to do that, you unhide the SSID, connect to it, then hide it again. Then try to connect to it. If it works (and that depends on the phone and the version of Android) you're good. Otherwise, you have to run with the SSID broadcasting.