Ask / Submit

WLAN does not check BSSID (AP mac address)

asked 2015-06-16 18:04:21 +0200

jberezhnoy gravatar image

updated 2015-06-17 10:37:03 +0200

rainisto gravatar image

Hello, I have noticed that my Jolla regularly tries to connect to the access points which have SSID already stored in my connections list. I.e. if I have in my connections list an access point named "Home" (SSID) with some password, and the device sees another access point with the identical name 'Home" it tries to connect to the new "Home" access point and prompts for password. In case the "Home" access point is an open network, I admit that device will connect to it automatically without checking the BSSID (i did not test this).

As far as i understand it's not good at all, as the device has to identify networks by BSSID (mac address) first of all and only after that look for SSID match.

I thinks it's a security concern, isn't it? And of course it is frustrating to close the annoying password prompts for each found "Home" access point on my way.

Thank you for your attention

edit retag flag offensive close delete



I can only confirm this issue. I have to say though that I noticed this only after upgrade, it usually (as far as I could remember) never happened before.

magullo ( 2015-06-16 18:19:47 +0200 )edit

3 Answers

Sort by » oldest newest most voted

answered 2015-06-16 18:18:54 +0200

r0kk3rz gravatar image

updated 2015-06-16 20:00:54 +0200

This is not really a bug and is how all Wireless LAN devices operate.

There are legitimate use cases where you have multiple APs with the same SSID and you want the device to freely roam in between.

The solution is to use a reasonably unique SSID for your networks, but with the current proliferation of Wireless Networks and Mobile Devices this is becoming a bit of a design flaw.

edit flag offensive delete publish link more


Thanks for the answer. I can say that before Jolla I had used N900, N9 and Nexus 4 (besides Windows devices) and they did not operate in similar way. Each device checked the BSSID of the access point.

I still believe that free roaming between the networks is not worth of such security risk when I can connect to the open network or even to the "pinnaple" router

jberezhnoy ( 2015-06-16 18:27:57 +0200 )edit

@jberezhnoy that is not how wlan works, that is not how networking works... bssids are used for identifying a specific hardware not a specific network (you'd need to permit 50+ APs on a campus to properly use the campus wlan) just like a mac identifies hardware and not a network. This is specifically crutial with 2+ APs, if a wlan device should bind to known bssids only that is becoming a specific enterprise grade setup not the other way round... there is only one case where it counts into, that is silent APs but that works a tad different than you might think...

chemist ( 2015-06-16 19:29:58 +0200 )edit

@chemist thank you for your comment. In my original post i did not mention that my 'Home' access point is set up for wpa2 mode. Maybe the abscence of that fact caused some misunderstanding. The 802.1x standard describes how wpa/wpa2 authorization is designated to work. To keep it simple: the access points are identified by BSSID (mac address), not by network name (SSID). The preshared key is a kind of salted using the BSSID. I.e. if you have a wpa/wpa2 password hash for access point 1, it will not work with access point 2, unless both access points have the same BSSIDs and SSIDs. That is why the above scenario with 50APs is not relevant in our case. In such cases the 50APs work either in a repeater mode (i.e. they are not access points, but simple repeaters), or use different authentication mode (e.g. radius server). This is how wlan shall work according to the standards. Otherwise somebody can create an access point with SSID 'home' (or whichever else) and listen your traffic, while you will think you are connected to your home/campus network. I hope it is clear now that this bug is not related to seamless roaming between your home or campus wlans. As i understand current approach does not comply with authorization standard.

p.s. even bloody iphone does not behave in that way. tested on my sister's device (also tested thus evening on ubuntu, windows7 and android). sorry fir punctuation and mjstakes, typing from my Jolla

jberezhnoy ( 2015-06-16 22:23:43 +0200 )edit

wpa-psk uses the ssid for salting... your turn! (same password hash works on a wpa-psk roaming network) - well never mind, it won't help your cause to understand how it works... you want your wlan not connect to BSSIDs you did not authenticate to previously by hand...

chemist ( 2015-06-16 23:03:19 +0200 )edit

you are right that PMK is salted/hashed with ssid, while PTK does need BSSID of the AP. but the point is that device shall not try to send previously saved password to all networks with identical ssid, shall it? and ask for another password if the saved one did not match!g

jberezhnoy ( 2015-06-16 23:39:17 +0200 )edit

answered 2016-02-28 14:47:56 +0200

brownjr gravatar image

Each BSS is uniquely identified by a basic service set identification (BSSID). For a BSS operating in infrastructure mode, the BSSID is the MAC address of the wireless access point (WAP) generated by combining the 24 bit Organization Unique Identifier (OUI, the manufacturer's identity) and the manufacturer's assigned 24-bit identifier for the radio chipset in the WAP. The BSSID is the formal name of the BSS and is always associated with only one BSS. Note, the MAC address concept is not limited to radio communication, wired networks use the very same 24+24 bit MAC address concept to uniquely identify the hosts.

you can find more information about BSSID on the website

edit flag offensive delete publish link more

answered 2016-02-29 19:39:39 +0200

SaimenSays gravatar image

I already mentioned this problem in earlier topic two years ago. So I think this is a duplicate.

But I think that this malfunction is still a problem at all, because the mobile connection is not function as long as it to connect the wrong WLAN.

edit flag offensive delete publish link more
Login/Signup to Answer

Question tools



Asked: 2015-06-16 18:04:21 +0200

Seen: 1,095 times

Last updated: Feb 29 '16