If the SSID and password are the same, how would the phone tell the difference? I don't know.
My Fitbit has a "find my phone" feature that uses Bluetooth to tell the Fitbit app on the phone to make a loud whistle. It's kind of handy and I've made use of it several times around my house, but obviously isn't useful outside Bluetooth range.
> If the SSID and password are the same, how would the phone tell the difference?
MAC address, but devices don't care. By design they will connect if the SSID and encryption type are the same. Actually, you can create a mesh wifi network at your house with regular routers or access points by doing so, connecting them with wired ethernet.
The last time we did a WiFi password change at my house there were near 100 devices that had to be updated. Such a hassle. Thankfully it's stayed the same over 4 routers and about 7 years.
Orrrrr the protocol would just be smart enough to say “hey, we are thinking of connecting to this network but the MAC address is different — did you recently switch base stations?”
As long as screenless devices and other unattended things like light bulbs didn't need manual intervention, and it was easy to turn off the checks on a Linux server, it would be cool.
But it would probably be an annoyance in large multi hotspot environments, and could become another thing to train people to mindlessly click through like cookie prompts.
ESSID != BSSID. The former is meant for UX, the latter to uniquely identify. wpa_supplicant allows fixing the latter, for example, as needed when you hang out at multiple locations where the wifi has the default ESSID, but of course with distinct passwords. Causes authentication timeout/lockout annoyance if left alone.
Fortunately many default network names at least contain some randomness these days, e.g. three bytes of an access point's BSSID, to make this less likely.
That's also the proper fix – pinning a WPA password to an individual BSSID would go against the concept of encryption being scoped to an ESS/ESSID, not individual APs.
You can, but if the APs aren't aware of their shared clients they can't hand them off to another AP when signal strength degrades. Let's say you connect a client to AP A, then walk out of range closer to AP B. Your signal strength will suck because you're now farther away from AP A (and close to AP B). AP A won't disconnect your client to allow it to connect to B for better signal strength (that is, until AP A's signal strength is too low to sustain a connection).
Networks that are meshed by design take this into account and communicate about signal strength per client, handing them over when they notice a neighbor would be able to serve the client better.
While communication between APs (and forwarding of the data to clients) helps, it's not strictly needed because clients will do background scans, especially when reception is getting worse.
It apparently depends on the client device's implementation, but yes, in general client devices will switch to connect to the stronger one automatically on their own.
How can you tell a wifi network is cloned if the SSID/password match? After all, it might legitimately be a new legitimate access point in the network.
I’ve always wondered how commonly black hats clone and exploit mass deployed public SSIDs like the “xfinitywifi” network you see in all major US cities with xfinity.
Presumably you could get a lot of random devices to automatically connect and then hijack DNS to cause trouble.
At least 50% of such APs I ran across didn’t work right. I chalk it up to broken implementation on the ISP side, but a decent number may be issues like this.
It's not that easy, unfortunately: Many networks span more than one access point, either simultaneously or across time (mediocre CPEs are notoriously being swapped out all the time by cable providers, in my experience).
Initially loading and then synchronizing certificates across APs would be anything but trivial.
I've surprised my friends a few times by keeping my SSID + password constant over the years and across several moves within the city (and across ISPs) and even internationally – whenever they come to my place, they have Wi-Fi the second they step through the door :)
It's also nice not having to re-configure various embedded devices, many without a sane user interface to type a passphrase or even accept a new TOFU public key, every time I set up a new router at my family's place.
Either "enterprise" WiFi or, if your device supports it, locking down the MAC address. That'll give you range issues if you use mesh wifi, range extenders, or additional access points, though.
I don't know why more devices don't support WPA Enterprise, it's not _that_ complicated a protocol. I can imagine a "secure router" product with a normal WPA3 network for management and an "enterprise" network with a simple username/password list selling quite well in some niche circles.
There's not really such thing as a cloned wifi network conceptually: If you set up a new access point using the same SSID and encryption settings, you didn't clone a network – you just extended it by one more access point/location where it's available!
A Wi-Fi network is the abstract concept of "all access points using the same name and passphrase", not an individual instance of an access point.
If you connect the two access points (e.g. using wired Ethernet), clients can actually roam between the two fairly seamlessly without any other setup required, and this even works across brands!
One thing to keep in mind re: roaming - devices tend to "stick" with their current AP even though there's a perfectly good same-SSID AP with much better strength available. There are protocols that can orchestrate between APs to "kick" stubborn devices to better APs: 802.11r, 802.11k, and 802.11v.
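The "sticky client" behaviour described in this comment comes from the hysteresis every client roaming algorithm applies: it will not even look for a better AP until the current link is weak, and then only moves if the candidate is clearly better. The following is an added example, not code from the thread or from any Wi-Fi stack; the thresholds, the AP names `ap-A`/`ap-B`, the RSSI samples and the simplified handling of an 802.11v BSS transition request (the client is assumed to honour it) are all constructed for illustration.

```python
"""Added example: why clients "stick" to an AP, and how an AP-side 802.11v
BSS transition request overrides that. Thresholds and samples are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    bssid: str
    rssi_dbm: int


SCAN_TRIGGER_DBM = -70    # only look for a better AP once the link is this weak
MIN_IMPROVEMENT_DB = 8    # a candidate must beat the current AP by this much
MIN_DWELL_S = 30          # no ping-pong: stay at least this long after a roam


def choose_bss(current, candidates, seconds_since_roam, bss_transition_target=None):
    """Return the BSSID the client should be associated with.

    Passive behaviour: stay put unless the link is weak AND a candidate is
    clearly better AND we did not just roam. A BSS Transition Management
    request (802.11v) from the AP is assumed to be honoured and bypasses that.
    """
    if bss_transition_target is not None:
        return bss_transition_target
    if seconds_since_roam < MIN_DWELL_S:
        return current.bssid
    if current.rssi_dbm > SCAN_TRIGGER_DBM:
        return current.bssid      # still "good enough": no background scan yet
    best = max(candidates, key=lambda c: c.rssi_dbm, default=current)
    if best.rssi_dbm - current.rssi_dbm >= MIN_IMPROVEMENT_DB:
        return best.bssid
    return current.bssid


def simulate_walk(samples, start="ap-A"):
    """samples: (rssi_A, rssi_B) pairs taken once per second while walking from
    AP A toward AP B. Returns the BSSID the client is associated with each second."""
    assoc, last_roam_at, history = start, -MIN_DWELL_S, []
    for t, (a, b) in enumerate(samples):
        rssi = {"ap-A": a, "ap-B": b}
        current = Candidate(assoc, rssi[assoc])
        others = [Candidate(n, r) for n, r in rssi.items() if n != assoc]
        new = choose_bss(current, others, t - last_roam_at)
        if new != assoc:
            assoc, last_roam_at = new, t
        history.append(assoc)
    return history


# Constructed walk: AP B is already 10 dB stronger at t=3, but the client
# keeps AP A until A's link drops to the scan trigger at t=5.
WALK = [(-50, -80), (-55, -70), (-60, -60), (-65, -55), (-68, -50), (-72, -48), (-75, -45)]

if __name__ == "__main__":
    for t, bss in enumerate(simulate_walk(WALK)):
        print(f"t={t}s A={WALK[t][0]} dBm B={WALK[t][1]} dBm -> {bss}")
```

With a standalone AP on each side nothing pushes the client earlier; 802.11k/v give the AP a way to supply the candidate list and a transition request, which is the `bss_transition_target` path above.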
99.9% of people don't consider this an issue; I'd rather there not be one in the spec. It's just unnecessary complication. If you're the genuinely paranoid 0.1%, write a script.
Yeah, back in the day before HTTPS was common, this used to be a viable attack where people would set up rogue hotspots at cafes and whatnot and intercept all your traffic.
I think that's a different attack, where you could passively sniff wifi traffic from networks without WEP. I meant more just hosting your own hotspot with a popular name, forcing clients to connect to it via disconnect/reconnect attacks, and then you're essentially a tiny MITM ISP that can monitor all their unencrypted traffic.
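The earlier question in the thread ("how can you tell a wifi network is cloned if the SSID/password match?") and this description of a look-alike hotspot have the same defender-side answer: the client cannot tell from the SSID, but whoever operates the network knows which BSSIDs belong to it and what security it is configured with, so a scan can be audited against that. The following is an added example, not code from the thread or from any vendor: it parses the subset of `iw dev wlan0 scan` output it needs and flags an unknown radio advertising one of "our" SSIDs, or our SSID offered with different security than we configured. The sample scan text, the SSID `homenet`, the allowlisted BSSIDs and the security labels are constructed and simplified (a real RSN IE carries more than the authentication suite).

```python
"""Added example: audit a Wi-Fi scan for access points that claim our SSID.

The scan text, the "homenet" SSID and the allowlist are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanRecord:
    ssid: str
    bssid: str
    security: str     # "OPEN", "WPA2-PSK", "WPA3-SAE" or "WPA-EAP" (simplified)
    signal_dbm: int


_BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)


def parse_iw_scan(text):
    """Parse only the lines of `iw ... scan` output that the audit needs."""
    records, cur = [], None
    for raw in text.splitlines():
        m = _BSS_RE.match(raw)
        if m:
            if cur is not None:
                records.append(ScanRecord(**cur))
            cur = {"ssid": "", "bssid": m.group(1).lower(),
                   "security": "OPEN", "signal_dbm": 0}
            continue
        if cur is None:
            continue
        line = raw.strip()
        if line.startswith("SSID:"):
            cur["ssid"] = line[len("SSID:"):].strip()
        elif line.startswith("signal:"):
            cur["signal_dbm"] = int(float(line.split()[1]))   # "-48.00 dBm"
        elif line.startswith("* Authentication suites:"):
            suites = line.split(":", 1)[1]
            if "SAE" in suites:
                cur["security"] = "WPA3-SAE"
            elif "802.1X" in suites:
                cur["security"] = "WPA-EAP"
            elif "PSK" in suites:
                cur["security"] = "WPA2-PSK"
    if cur is not None:
        records.append(ScanRecord(**cur))
    return records


# Constructed: the two radios that really belong to the "homenet" ESS.
KNOWN = {"homenet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
EXPECTED_SECURITY = {"homenet": "WPA2-PSK"}


def audit_scan(records, known=KNOWN, expected=EXPECTED_SECURITY):
    """Return (bssid, reason) findings for the SSIDs we operate.

    A radio we do not own advertising our SSID is worth a look even when it
    uses the same security; our SSID with no encryption is the classic
    look-alike hotspot and gets a second finding.
    """
    findings = []
    for r in records:
        if r.ssid not in known:
            continue          # someone else's network; nothing to check
        if r.bssid not in known[r.ssid]:
            findings.append((r.bssid, "unknown BSSID advertising our SSID"))
        if r.security != expected[r.ssid]:
            findings.append((r.bssid, f"security {r.security}, expected {expected[r.ssid]}"))
    return findings


# Constructed scan text in the shape of `iw dev wlan0 scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS aa:bb:cc:00:00:01(on wlan0)
\tfreq: 2437
\tsignal: -48.00 dBm
\tSSID: homenet
\tRSN:\t * Version: 1
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
BSS aa:bb:cc:00:00:02(on wlan0)
\tsignal: -67.00 dBm
\tSSID: homenet
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
BSS de:ad:be:ef:00:01(on wlan0)
\tsignal: -40.00 dBm
\tSSID: homenet
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
BSS de:ad:be:ef:00:02(on wlan0)
\tsignal: -42.00 dBm
\tSSID: homenet
BSS 12:34:56:78:9a:bc(on wlan0)
\tsignal: -70.00 dBm
\tSSID: cafe-guest
"""

if __name__ == "__main__":
    for bssid, reason in audit_scan(parse_iw_scan(SAMPLE_SCAN)):
        print(f"{bssid}: {reason}")
```

Run periodically from a box on the LAN this turns "a new AP showed up with my name" into an alert; on the client side the same BSSID list is what the `bssid=` option in a wpa_supplicant network block pins a profile to, at the cost of the roaming discussed above.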