2

I live in a location which is semi-rural. I also share this Internet access with some people nearby. Although bandwidth is a bit limited (VDSL), other then those imposed by the connection speed there are no data limits, and I'm not overly concerned about abuse or the AP being hacked in to.

I need to overhaul my WIFI network and change the SSID (kids...). Is there any real reason I should not make the AP name "12MyStreet", where this is my street name and number? I'm figuring this is OK as I don't think I'm providing any information not already available to an adversary. If this is OK, I'm wondering why it is not more commonly done - am I missing something?

Anders
  • 64,406
  • 24
  • 178
  • 215
davidgo
  • 593
  • 5
  • 11
  • 1
    No, you're not missing anything. It's not commonly done because people just happen to normally choose other things for their SSID, like their name. (Well, actually, half of them just stick with the default.) – nobody Nov 12 '21 at 05:48
  • No, you're not... Unless if you are a streamer and you click the WI-FI icon, they'll see your location... I personally use my own name for my SSID... – ThePro501 Nov 14 '21 at 18:27

2 Answers2

2

I would consider it from the client side as well. The clients will store the SSID they connected to. A mobile phone that has "12MyStreet" on its SSID list, provides information about where it has been.

If this was a hidden SSID, the device would even be broadcasting the SSID asking if it's there. So your phone would be asking "Is any AP for 12MyStreet network here?" in the middle of the city, basically shouting out your address.

This scenario is probably of little concern, since I don't think you would configure it as a hidden network. And so, the devices shouldn't be doing that.

So, nobody would know which networks you connected to unless you showed them the list? Wrong!

Both Apple and Google store the SSID to which you connect, and apps can also obtain the name of the wifi network that is being used. There are databases of wifi networks (even free, e.g. https://www.wigle.net/) that could be used to map the SSID into a geolocation (not to mention the equivalents that big companies use internally), but directly placing the physical address in the SSID might unnecessarily be making things too easy.

Ángel
  • 17,578
  • 3
  • 25
  • 60
-1

I wouldn't put an obvious name like your street address for a number of reasons, like privacy. It's nobody's business whether you operate a wifi access point, and what brand it is (can be determined from the MAC address).

Keep in mind that everybody can scan the airwaves with software like airmon-ng (available in Kali), and even see the clients associated with your access point, and their MAC addresses.

It is information that could even be used by sophisticated burglars: if there are no clients currently connected to your access point (other than some appliance like the TV) it is a telltale sign that nobody is at home presently. Otherwise we would usually see a mobile phone connected, or more. On the other hand the fact that you share the network with neighbors means that it is more likely that there will always be active connections. But the fact is that your wifi equipment is still a tracking device that can be used against you.

I would instead use a more generic, less identifying name, that you provide to your users on a need to know basis.

For companies there is a case for using "obvious" names for branding reasons and because they often have a captive portal for visitors. But companies often have guards and better security than private individuals.

Kate
  • 6,967
  • 20
  • 23
  • 2
    Your post makes little sense to me. That someone is running an AP at a location (and its bssid) is obvious regardless of the name. Similarly the amount of communication is presumably available regardless of the SSID name - although im not sure I buy that mac addresses of clients are available unless/until the wifi password is determined. What am I missing? – davidgo Nov 30 '21 at 18:11
  • @davidgo: even you are in a sparsely populated area you are bound to find multiple APs when scanning the neighborhood, and it's not necessarily obvious where *exactly* the APs are located - you can make guesses based on signal strength but it's not a safe guess. With direction finding equipment maybe. I have dozens of APs around me and I don't know which one belongs to who, *expect for some that have obvious names* like the restaurants nearby. – Kate Nov 30 '21 at 20:51
  • 1
    Regarding the second point it is indeed possible to [sniff](https://www.aircrack-ng.org/doku.php?id=airodump-ng) the MAC addresses of wifi clients, that makes it possible to carry out targeted **deauth** attacks. – Kate Nov 30 '21 at 20:57