“Free Public WiFi” SSID

Free Public WiFi

The “Free Public WiFi” SSID seems to be everywhere – at airports, on planes, and in hotels. Based on what the SSID spells, it seems to be the perfect solution for those seeking to connect to the Internet because it is “Free”…cost nothing…”Public”…you break no laws connecting to it…”WiFi” …a few clicks and you’ll be surfing in no time.

Viral SSID

In reality, this SSID is just one of many viral SSIDs that exist anywhere people are with laptops (almost always Microsoft Windows based laptops). In almost all cases this SSID is not a real WiFi hotspot access point but someone else’s laptop in Ad-Hoc mode advertising this SSID. Why does this SSID always appear and more importantly is it harmful if you connected to this SSID?

If you connected to the “Free Public WiFi” SSID in the past, don’t worry…in almost all cases your PC is not infected with a real virus and no data was stolen. Just remember to stop connecting to random wireless networks that you can’t verify as being trusted, especially free ones!

Blame Microsoft Wireless Zero Configuration

The answer to why this SSID seems to be everywhere can be blamed on Microsoft, more specifically a Windows feature called Wireless Auto Configuration (aka Wireless Zero Configuration). Wireless Auto Configuration “provides automatic configuration for the 802.11 adapters”. In an attempt to make it extremely easy to connect to WiFi networks, Wireless Auto Configuration does the following when an 802.11 adapter is enabled and starts to scan for WiFi networks.

1. Wireless Auto Configuration attempts to connect to the preferred networks that appear in the list of available networks in the preferred networks preference order, if the preferred networks are configured to automatically connect (the Connect when this network is within range checkbox is selected on the Connection tab for the properties of the preferred wireless network).

2. If there are no successful connections, Wireless Auto Configuration attempts to connect to the preferred networks that do not appear in the list of available networks, in the preferred networks preference order. This is done so that a Windows wireless client can connect to a hidden wireless network, one that is either not broadcasting its SSID or broadcasting an SSID of NULL. Configuring hidden wireless networks is used as a security measure to prevent malicious users from detecting and attempting a connection to a wireless network. However, the SSID is included in other types of wireless connection management frames and is easily discoverable by either capturing wireless management frames or using tools available on the Internet.

3. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is available, Wireless Auto Configuration tries to connect to it.

4. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is not available, Wireless Auto Configuration configures the wireless network adapter to act as the first node in the ad hoc network.

The problem occurs at step #4.

At one time or another somewhere out there someone connected to a real ad-hoc WiFi network that had the SSID “Free Public WiFi”. They added this network to their preferred network list. They then traveled to a location where this WiFi SSID didn’t exist (airport, airplane, and/or hotel). They powered on their laptop with the wireless card on and Wireless Auto Configuration took over and starting searching for WiFi networks. After trying steps 1 through 3 above, Windows gave up and configured WiFi card to ad hoc mode with the SSID “Free Public WiFi” (since it was a preferred network).

How the SSID spreads virally.

A second person in close proximity to the user above also has a wireless enabled laptop and is looking to connect to a WiFi network. They scan to see what is available and notice an SSID called “Free Public WiFi”….they connect to it not knowing that it is an ad hoc network. After a few seconds of wondering why they can’t surf the web they disconnect from the SSID, shrug their shoulders and move on with life. Now they have the viral SSID in their preferred list too. The next time they power on their laptop it starts to look for the “Free Public WiFi” SSID. This process is repeated in many locations across the US and world again and again. Soon this SSID is in preferred wireless networks lists everywhere spreads like a virus.

Can this viral SSID be stopped?

Yes, but others exist like linksys, hpsetup, tmobile, default. Any SSID that tends be the default for consumer grade access points and computers tends to become viral ad hoc SSIDs. An easy way to reduce the risk of connecting to these SSIDs is to configure Wireless Auto Configuration to only connect to access points (infrastructure networks).

1. Click on the Wireless option in the System Tray and open the Wireless Network Connection window.
 2. Click on “Change advanced settings”.
 3. In the Wireless Network Connection Properties window, click on the Wireless Networks tab.
 4. Click on the Advanced button.
 5. Click on “Access point (infrastructure) networks only”

29 Replies to ““Free Public WiFi” SSID”

  1. Pingback: hpsetup WiFi SSID
  2. Pingback: KPAO!
  3. Wait… wouldn’t it only take on the “Free Public WIFI” SSID in ad-hoc mode if the original “Free Public WIFI” that the user (legitimately) connected to was actually an ad-hoc network itself? That’s how I read step 4, at least. And aren’t most all public access points managed? So it would seem to me this isn’t as large a problem as you imply.

  4. @david question: You are correct but most don’t wouldn’t even know what a “managed” AP is…they see “Free WiFi” and they click to connect to it. It is part configuration issue, part Microsoft, and part end user training problem.

  5. I have a question – I get how this happens but I’m finding that the legitimate managed SSID is being masked by the ah-hoc version. i.e. I only see the ad-hoc entry in my “Available Wireless Networks”. I can’t connect because I set “only connect to infrastructure APs”.

    Does anyone else have this problem – how to fix it?

    I’m using Windows to manage my wireless.

  6. Here’s the thing about this: I’m a cautious guy I’ve always been wary about ad-hoc “computer to computer” connections and I’ve NEVER connected to any of these “rouge” networks….

    i wasn’t even in public when it hit me… i was at home, all my availble networks looked normal. i beleive i restarted my computer…. then when i checked my available networks again i had “Free Public Wifi”, “hpsetup” AND “linksys” ad-hoc networks, none of which were there before. And they’re obviously coming from my pc, because they follow me everywhere i go…

    this explanation seems logical, but i think something more fishy may be at work here, at least for me….. help lol

  7. I’ve seen this “Free Public WiFi” on many LT’s I’ve repaired.

    Funny thing is, there were no other LT’s within range AND the bigger clue is that no matter how I hold the LT, the signal strength is always maxed out at 5/5 appearing to be a desirable connection.

    After running Malwarebytes, a virus/trojan was found and removed.

    Rebooted and no more “Free Public Wifi”!

  8. I’m sitting in Laguardia right now, I can see 3 of these when I look for a network. I’ve seen it all over the place. Usually in an airport, or large city. This is the most I’ve ever seen in one spot.

  9. My two cents on this:

    I normally work for a public sector organization. However, this weekend I’m providing support at a music festival in Scotland. The hacks and shooters for the event all “need” wireless (though I think I’ve now convinced them about changing that!).

    Essentially, as another person has pointed out earlier,the important part of this article – step 4 states that a) you must have connected to an ad-hoc network with the BSSID “Free Public Wi-Fi”, and b) be in a position where your wi-fi device cannot hit any available network (neither ad-hoc nor infrastructure), nor any preferred infrastructure network, and so advertises the “Free Public Wi-Fi” network.

    As “david” says above (response no. 6 to this blog), this would mean that you had previously connected to an ad-hoc network called “Free Public Wi-Fi”, meaning that, by Windows deafult settings for wireless, the network would be saved as a preferred network, causing the steps 1-4 to result in this issue.

    Right, that took a bit – sorry:) but here’s my thought on a possible cause: “User Zero” in all of this – the first person to have this occur – may well have tried to manually join a network, simply hoping that typing “Free Public Wi-Fi” in as a network name would result in free internet. Let’s be honest and admit that there are people out there who would believe that would work – I have met MANY of them.

    Regardless. this would then mean that what is happening is a device is in a mode where it is not connected to anything else, and as such is advertising this as their default BSSID. From this starting point, the behaviour described in this article then ensues.

    To be clear, I’m agreeing with the article a lot, but think that there are a number of possible ways this phenomenon both begun and “propagated”.

    Hope this makes sense, 8 hours sleep over four days makes one ramble…

Comments are closed.