Hacker News new | past | comments | ask | show | jobs | submit login

From the wpa_supplicant.conf man page:

      scan_ssid
	     SSID scan technique; 0 (default) or 1.  Technique 0 scans for the
	     SSID using	a broadcast Probe Request frame	while 1	uses a
	     directed Probe Request frame.  Access points that cloak them-
	     selves by not broadcasting	their SSID require technique 1,	but
	     beware that this scheme can cause scanning	to take	longer to com-
	     plete.



So presumably a (default) broadcast Probe Request would not disclose saved network names but somehow this doesn't appear to be true? Hence my question?


This may be a bug in wpa_supplicant, I'm not sure. I looked at the code, and it seems to be trying to avoid using the SSID in a probe unless this value is set to 1, but the code is structured such that the check needs to be done in many places so one of them may have omitted it. Should be in scan.c.


Turns out it's not a bug, it's a feature called Preferred Network Offload. Some useful links can be found here: http://www.reddit.com/r/androidapps/comments/2u2ww0/dev_wifi...


> Preferred Network Offload

Looks like you found the bug, thanks: https://www.eff.org/deeplinks/2014/07/your-android-device-te...

So it's a bug after all.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: