For as long as cybersecurity has been a thing, the concept of security by obscurity has been debated. The premise is simple—that by hiding or obscuring elements of your network infrastructure, applications, or data, you make it more difficult for attackers to find and compromise those things. The idea that you can secure something by hiding it has also been the focus of one of the prevailing myths about Wi-Fi.
Wi-Fi Security by Obscurity
From a wireless network standpoint, security by obscurity generally means “hiding” the SSID of the network by disabling the SSID broadcast. When you open a computer or mobile device and look for available Wi-Fi networks to connect to, the list that is displayed is a list of the SSIDs within range of the wireless adapter. There may, in fact, be other networks within range that don’t show up on the list because the network has disabled the SSID broadcast. The reasoning is that if nobody can see the SSID in a common UI list, the network can’t be attacked and is more “secure”.
False Sense of Security
Security by obscurity is generally a bad idea. Why? Well, for one thing it creates a false sense of security. It provides a sense that your network and data are “protected” because the SSID is hidden. It is often accompanied by having an open or unencrypted network. It also typically means that less attention is paid to applying patches or ensuring other security best practices. There is no need to lock it down if nobody knows it’s there, right?
However, just because the SSID is not being broadcast does not mean that the network is undetectable. Data is still being transferred wirelessly, and an attacker with a Wi-Fi adapter and the right software can still find the network. The SSID can still be found in the packets. It is removed from beacon frames, so it is not being broadcast, but it is still included in Probe Response frames. Some devices will even display “hidden” networks, but just list a question mark as the network name.
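The beacon versus Probe Response difference described above can be checked against your own capture with a short parser. This is an added example, not code from the original article; the frames, BSSIDs and the name "CorpWiFi" are constructed sample data, and the frames are assumed to start at the 802.11 header with no radiotap header or FCS.

```python
import struct

BEACON, PROBE_RESP = 8, 5          # 802.11 management frame subtypes

def build_frame(subtype, bssid, ssid):
    """Build a constructed management frame (no radiotap header, no FCS)."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
              + bssid + bssid + b"\x00\x00")          # 24-byte MAC header
    fixed = struct.pack("<QHH", 0, 100, 0x0001)       # timestamp, interval, caps
    return header + fixed + bytes([0, len(ssid)]) + ssid   # element ID 0 = SSID

def parse_ssid(frame):
    """Return (subtype, bssid, ssid) for a beacon or probe response, else None."""
    if len(frame) < 38 or ((frame[0] >> 2) & 0x3) != 0:   # too short / not management
        return None
    subtype, bssid, pos = frame[0] >> 4, frame[16:22], 36
    if subtype not in (BEACON, PROBE_RESP):
        return None
    while pos + 2 <= len(frame):                       # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                                # truncated element
        if tag == 0:                                   # SSID element
            return subtype, bssid, value
        pos += 2 + length
    return None

def is_hidden(ssid):
    """Hidden beacons carry a zero-length SSID or one made only of NUL bytes."""
    return len(ssid) == 0 or set(ssid) == {0}

def resolve_hidden(frames):
    """Map each BSSID with hidden beacons to the SSID its probe responses reveal."""
    hidden, names = set(), {}
    for subtype, bssid, ssid in filter(None, map(parse_ssid, frames)):
        if subtype == BEACON and is_hidden(ssid):
            hidden.add(bssid)
        elif subtype == PROBE_RESP and not is_hidden(ssid):
            names[bssid] = ssid.decode("utf-8", "replace")
    return {b.hex(":"): names.get(b) for b in hidden}

# Constructed sample capture: one "hidden" AP, one broadcasting AP.
AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build_frame(BEACON, AP1, b"\x00" * 8),
          build_frame(PROBE_RESP, AP1, b"CorpWiFi"),
          build_frame(BEACON, AP2, b"Lobby")]

print(resolve_hidden(SAMPLE))
```

A BSSID that maps to `None` hid its SSID in beacons and sent no Probe Response in the sample; any other entry shows the name leaking despite the disabled broadcast.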
In fact, not broadcasting the SSID may actually attract attackers. Rather than just looking for unencrypted wireless networks that are broadcasting the SSID, attackers will sometimes go out of their way to seek out networks with hidden SSIDs. The fact that someone put in the effort to hide the SSID probably means there is something of value to be found there, and—as noted above—the false sense of security provided by hiding the SSID means the wireless network is probably insecure in more ways than one.
Real Security with Wi-Fi CERTIFIED WPA3
Don’t make the mistake of believing in the myth of security by obscurity—especially for your Wi-Fi network. It not only doesn’t make your network more secure, but it also makes you more of a target in some cases.
The better approach is to simply have effective security in place. Make sure your network is secured by WPA3 – the next generation of Wi-Fi security – and use Wi-Fi CERTIFIED technologies, which now must all support WPA3. WPA3 builds on its predecessor, WPA2, with new features that simplify Wi-Fi security, enable more robust authentication, and improve cryptographic strength for secure, encrypted wireless traffic.
WPA3 disallows the use of outdated legacy protocols—preventing your wireless connections from falling back to compatible protocols that may be vulnerable or less secure. WPA3-Personal also allows for natural password selection—enabling users to choose passwords that are easier to remember without sacrificing security.
Security by Security
Pretending that a risk does not exist does nothing to mitigate or resolve the risk. Security by obscurity is a bad idea because hiding your Wi-Fi network from public visibility does nothing to address any underlying weaknesses or security issues. You are basically just crossing your fingers and hoping that nobody finds it.
Don’t let the myth of security by obscurity take you or your wireless network down. Deploy WPA3 and look for Wi-Fi CERTIFIED technologies so you can use your wireless network with confidence.