Automatically Connecting to Hidden SSID WiFi Network

Automatically Connecting to Hidden SSID WiFi Network

My MacBook Pro will not automatically connect to a Wireless network with a hidden SSID. It makes me select the "Join Other Network..." in the Airport menu (in the system tray), where I need to input the name of the network, then security type, password and wait for it to connect. This is becoming increasingly annoying to have to do every time I come back to my desk.

Asked by: Guest | Views: 389

Total answers/comments: 2

Comments display order:

Guest [Entry]

"Automatically connecting to a network with a hidden SSID is a bad idea.

Since your computer cannot passively listen for the SSID broadcast and automatically connect when it sees the SSID (which will not show in the beacon broadcast, since that is how hiding the SSID works), it has to actively send probe packets with the network's SSID, even if it is nowhere near the access point, and wait for a response. This means that, instead of the access point broadcasting its name all the time, you have all computers configured to automatically connect to it broadcasting its name all the time, no matter where they are.

Not to mention that, to be able to roam between several access points with the same SSID, the computer has to know their BSSID (essentially, the AP's MAC address). Usually they do this by listening to the beacons broadcast by the access points. Since the beacons do not have the SSID (hey, it's hidden!), the computer has to periodically send probe requests even if it is already connected to the access point. Making it laughably easy for an intruder to find out the SSID if even one computer is connected to the network. Not to mention the desassociation attacks.

So, it gains almost zero security (it is still way too easy to find the SSID) and loses a bit more security (the client computers constantly announcing to the world ""hey, I am a computer belonging to someone who works at company XYZ!"" even when nowhere near company XYZ). The net result is negative.

The only way to reduce or even avoid the security loss is to have it connect manually instead of automatically. Which seems to be what Apple is doing. (Windows Vista, from what I recall, warns you of the security issues when you try to set it to automatically connect. The NetworkManager used by most Linux distributions also seems to make you chose the saved connection from a dropdown manually.)

In theory, it would be possible to save the known BSSIDs for each ESSID and only send the probe request when a beacon for one of them is received (that is, when you are near an access point which has in the past been used for that SSID). I do not know why nobody seems to have tried that yet."

Guest [Entry]

I googled, and there are apparently many people in you situation. A promised fix by Apple has never materialized. It seems like the only solution is to unhide the SSID on the router. Please note that nowadays hiding the SSID doesn't protect you from anything.