Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Forget Android. What does wpa_supplicant do? It's not clear from your links that any scan_ssid value achieves hiding the network names.


From the wpa_supplicant.conf man page:

      scan_ssid
	     SSID scan technique; 0 (default) or 1.  Technique 0 scans for the
	     SSID using	a broadcast Probe Request frame	while 1	uses a
	     directed Probe Request frame.  Access points that cloak them-
	     selves by not broadcasting	their SSID require technique 1,	but
	     beware that this scheme can cause scanning	to take	longer to com-
	     plete.


So presumably a (default) broadcast Probe Request would not disclose saved network names but somehow this doesn't appear to be true? Hence my question?


This may be a bug in wpa_supplicant, I'm not sure. I looked at the code, and it seems to be trying to avoid using the SSID in a probe unless this value is set to 1, but the code is structured such that the check needs to be done in many places so one of them may have omitted it. Should be in scan.c.


Turns out it's not a bug, it's a feature called Preferred Network Offload. Some useful links can be found here: http://www.reddit.com/r/androidapps/comments/2u2ww0/dev_wifi...


> Preferred Network Offload

Looks like you found the bug, thanks: https://www.eff.org/deeplinks/2014/07/your-android-device-te...

So it's a bug after all.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: