WiFi SSID Spoofing

Any SSID is valid. The default [DeviceName] ZT is intentionally distinctive; change it in Settings → WiFi → AP → SSID to match the environment.

Common patterns

• Match nearby phones — iPhone (15) or Samsung Galaxy S24 blend into a room of personal hotspots.
• Match the target's infrastructure — Corp-Guest, Print-Server-3, Conference-AV.
• Hidden SSID — set the SSID and tick Hidden to suppress beaconing entirely. The web UI is reachable by any client that knows the name.

Caveats

• WPA2 is preserved regardless of name — the AP still requires the configured password. SSID spoofing affects discoverability, not security.
• Signal fingerprinting still gives you away. Nearby WiFi auditors that compare BSSID OUIs will see ESP32-S3 vendor data. SSID alone doesn't defeat WiFi forensics.
• Captive portal mimicry — the device doesn't run a captive-portal stack out of the box. Pair with a custom payload if you need that surface.

Per-engagement workflow

Pre-engagement, walk the area with your phone's WiFi scanner. Pick an SSID that looks at-home and isn't already broadcasting in range (which would make the duplicate stand out). Set, deploy, verify with a fresh scan.