Hiding/Disabling potentially nearby Wifi SSIDs from my MAC and/or my iPhone

It is the router that broadcasts the SSID, so it you are concerned about others accessing your network, you can prevent your SSID from being broadcasted and more effectively lock down your router to only allow access from your devices.

As for you seeing other SSID's, of course they can do the same on their router if they wish. You seeing their SSID does not make you vulnerable to any attack.

Beyond any security issue, there is a number of SSID's you may see when choosing to log into WiFi, but frankly you would only see them when choosing to log into a new network. If you are allowing to auto join your known networks, there is never any reason why you would even have to wade through the "jungle of networks".

There are 3 completely different concerns being discussed:

• Someone seeing your SSID as a security risk.
• You seeing someone else's SSID as a security risk.
• Inconvenience of wading through networks to choose the one you want when logging into a new network.

As for specifically addressing this as an issue with Apple devices, you will see the same behavior on Android/Chromebook as well. The settings for the routers to hide the SSID and set up MAC address filtering vary by brand.

BobTheFisherman wrote:

Kurt Lang wrote:

The only way you can stop your SSID from being broadcast is to turn the router's WiFi off. But then, of course, you can't use its WiFi capabilities, either.

The only security risk for others seeing all WiFi signals within range is if you're using extremely poor admin name and password that would allow someone to access our router's settings pages.

I've never had to turn off WiFi to stop broadcasting my network SSID. The WiFi is still on it is just not broadcasting the SSID. This is a router setting.

Mr. Lang is correct. If you tell your Wi-Fi router to stop broadcasting its SSID, that does not keep the bad guys from using a Wi-Fi packet sniffer (or sniffer application) to monitor your network and learn what your SSID is.

All that "hiding" the SSID does is to suppress it from the place used to build the list in "regular" user interfaces. Not from all of the packets your access point and clients exchange.

It's like hiding the key to the front door of your house under the "Welcome" mat – and hoping that no burglars have ever thought to look there.

Wi-Fi networks and their SSIDs are not just analogous to radio stations, they are radio stations. Anyone who wants one can create as many as they want. You can't shut them down or make them disappear; only they can do that.

All sorts of electromagnetic radiation exists, everywhere, all at once. Obviously some locations are less exposed to it than others but clicking the Wi-Fi menu in an urban environment often reveals a staggering number of networks. It's amazing Wi-Fi works at all... and what you see doesn't include hidden networks that contribute just as much to the cacophony as those that aren't hidden.

A long time ago I used to advocate setting their wireless radio transmit power to the lowest level required for your use. That practice not only minimized your own wireless network's exposure to potentially nefarious intrusion, it minimized its contribution to local environmental "noise" (if a network is not usable to you it might as well be "noise") but those days are long gone. All it takes is one wireless access point radiating excess power and everyone else has to get louder, like voices in a crowded bar.

Apple removed the ability to reduce transmit power from AirPort utility a while ago, even though their devices are still capable of it. As for other routers, I don't know.

I have direct evidence that someone entered my poor network a few weeks ago and probably got bored for a while ... nevertheless I would not want to give them access so easily. I have extremely restrictive policies, really strong passwords, solid encryption algorithms and they managed to get through. Maybe for a high school experiment ( ?? LoL ) …

Be sure to change your router's device password once in a while. An astounding number of people don't bother to change default device configuration passwords ("admin" or "public" or something similar). That's not to be confused with your wireless network password. Some routers have firmware that can be modified... a hacker's paradise. Anything goes.

P4ol5s wrote:

I have sent my request to Apple. Let's see what they will answer.

Apple already answered that question, here:

Recommended settings for Wi-Fi routers and access points - Apple Support

Apple recommends that you do not hide your SSID.

Pull quote (with emphasis):

Hiding the network name doesn't conceal the network from detection or secure it against unauthorized access. And because of how devices search for and connect to Wi-Fi networks, using a hidden network might expose information that can be used to identify you and the hidden networks you use, such as your home network. When connected to a hidden network, your device might show a privacy warning because of this privacy risk.

If your wireless environment is too crowded, either use a wired network, or move.

Device manufacturers certainly don't help by characterizing a "hidden" SSID as a "closed" network. The implication is misleading.

Like "firewall" 🙄

There is absolutely no security risk in seeing other network names in your area on your device. The malicious WiFi network seems to be the latest rabbit hole on Social Media where many false claims are being made. They do this for upvotes and to have their posts shared, Maybe people will believe whatever they see on Social Media.

P4ol5s wrote:

Hi Bob(2),

Thanks for your comment. I still think that I'd like to have a choice to put an extra barrier between my devices and the outside. Then I can have access to a console and see what's out there and then update periodically a list of what my people or me can see or not ... anyway ... Thanks for your note.

Best Regards,

P.

Because you can see available network SSIDs does not mean they can see yours. Just don't broadcast your SSID.

The only way you can stop your SSID from being broadcast is to turn the router's WiFi off. But then, of course, you can't use its WiFi capabilities, either.

The only security risk for others seeing all WiFi signals within range is if you're using extremely poor admin name and password that would allow someone to access our router's settings pages.

Kurt Lang wrote:

The only way you can stop your SSID from being broadcast is to turn the router's WiFi off. But then, of course, you can't use its WiFi capabilities, either.

The only security risk for others seeing all WiFi signals within range is if you're using extremely poor admin name and password that would allow someone to access our router's settings pages.

I've never had to turn off WiFi to stop broadcasting my network SSID. The WiFi is still on it is just not broadcasting the SSID. This is a router setting.

P4ol5s wrote:

Jim,

I'm not involved in any Social Media trap ... I really think it is strange that my request can be seen as a way for me to spread my voice (I don't go on social media at all). I was only asking to filter all the jungle of networks outside and get them out of my world. I'd like to have a clear explanation why my "arounds" should know I'm in the area and we could potentially connect to a wifi that is not ours without an early defense.

It is also relatively easy to crack a WPA2 password and my question remains there and there is not a reasonable explanation why should I reach another one's network just because I know it's there. For me this is a security risk.

I don't want to install a Cisco firewall at home because of this ridiculous open door. Anyway I'll quit here and Thanks for your comment.

Regards

Cumbersome whenever you Add a New device to your network

But >> " A MAC address is a 12-digit hexadecimal number that is assigned by the manufacturer and stored in the device's hardware. MAC filtering is a technique that allows you to create a whitelist or a blacklist of MAC addresses that can or cannot access your WiFi network. "

Supposedly, even if the Outside Person were to crack your wifi password

Their Device MAC Address is Not Listed in the Wifi Access Point / Router

In theory, that could do nothing with your Wifi Network

faking a Media Access Control (MAC) address is easily done on some systems. Apple dynamically changes the MAC address for "Private Addressing" on Macs and iPhones.

Telling your router to only accept specific MAC addresses is of little value, and a pain in the ... to maintain (I know, because I enabled it for while back in the 2000's, and then disabled it a few months later, and this was all before Apple's "Private Addressing" feature).

Restricting devices based on MAC address is just not worth the effort.

People can create any SSID name they want, simple or complex, incomprehensible or offensive. That neighbor's SSID is probably a sign of an overactive imagination. Or, maybe they understand any random string of characters is just as good as any other. It's not as though they have to remember it.

Complex names make no difference to the client devices connecting to it. Security is implemented in the authentication and encryption methods used. Hiding the SSID does exactly nothing to increase that particular aspect of security.

Wired networks are preferable for devices that generally stay in one location all the time (desktops, printers) and it's a good idea to use them to the maximum practicable extent.

This is a user-to-user technical support forum. Apple does not read your messages here.

You can send feedback via:

Feedback - macOS - Apple

Ah! There it is. Our previous modem didn't have this option:

Not that I care if the neighbors can see my SSID.

You seeing what networks are available is not a security risk. Hiding/not broadcasting your SSID prevents others from seeing your network.

Do what BobHarris suggested.