SSID Stripping is a new vulnerability that affects the way some wireless network names are displayed. As a consequence, unsuspecting users may connect to an attacker-controlled network they did not intend to connect to.
The SSID Stripping vulnerability affects all major software platforms – Microsoft Windows, Apple iOS and macOS, Android and Ubuntu.
Hide ’n Seek is a free tool by AirEye that helps organizations assess how vulnerable their corporate devices are to SSID Stripping.
Download now this simple Windows application, and:
- Receive a variety of network names (i.e. SSIDs) based on
SSID Stripping techniques – according to the network name that you provide
- Check how these network names are displayed on various devices within your organization
- Assess how vulnerable your environment is to
- Learn the risks of non-corporate wireless devices to your corporate environment
For any questions or comments on the tool, please email: [email protected].
- In Windows Command Line Interface, run:
HideNSeek.exe SSID_Name [timeout in seconds] [log file path]
- SSID is the name of the SSID you want to test against.
- You have the option to provide a connection timeout which defines how long you want the SSID Stripping name to broadcast. The default timeout is 5 minutes. However, you should be able to see the networks much sooner – it depends on the operating system, and can be as quick as 20 seconds.
- You have the option to provide a log output file
- Choose the type of test you want to run
- Test the “Network Lists” of your devices in your organization to see if you can spot the difference between the original SSID and the SSID Stripping name.
Click here for a 25-sec short video showing how to run the tool.
- It could be that the timeout was set too soon. Some operating systems require up to 60 seconds to display the new SSID-Stripping name.
- If you’re testing against a Windows device, make sure you’re not using the same device as the one that the tool is running on. The device running the tool is operating as a hotspot so you can’t also test against it.
- Run the tool, specifying a log file to see why. If needed, send it to us at [email protected]
The HideNSeek tool acts as an indicator that your device is at risk to the SSID-Stripping vulnerability so there is no need to connect.
That said, if you still want to connect, use the password: 12345678
The tool identifies a connection to an SSID Stripping network and terminates it immediately.
Note that the SSID Stripping name will continue to broadcast until the timeout. In order to avoid reconnecting, make sure that the auto-connect to that network is turned off.
The tool creates a mobile hotspot on the Windows device with the SSID Stripping name.
The hotspot remains on until the timeout. However, if someone connects to that network, the hotspot turns off for a few seconds, and automatically turns back on with the same SSID Stripping name.
This is an operating system related issue that has to do with the refreshing of network list names. It will be removed from the display within a few minutes at most.