Evil twin (wireless networks)

Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.[1]

Evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.

Wireless devices link to the Internet via "hotspots" – nearby connection points that they lock on to. But these hotspots can act like an open door to thieves. Anyone with suitable equipment can locate a hotspot and take its place, substituting their own "evil twin".

This type of evil twin attack may be used by a hacker to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent Web site and luring people there.[2]

Contents

Method

The attacker uses a bogus base station that someone connects to using Wi-Fi wireless technology. By imitating the name of another, legitimate wireless provider, they can fool people into trusting the internet services that they are providing. When the users log into bank or e-mail accounts, the phishers have access to the entire transaction, since it is sent through their equipment.

Unwitting web users are invited to log into the attacker's server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred.

Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to the attacker's base station. The hacker jams the connection to the legitimate base station by sending a stronger signal within proximity to the wireless client – thereby turning itself into an 'evil twin.'

A rogue Wi-Fi connection can be set up on a laptop with a bit of simple programming and wireless card that acts as an access point. The access points are hard to trace, since they can suddenly be shut off, and are easy to build. A hacker can make their own wireless networks that appear to be legitimate by simply giving their access point a similar name to the Wi-Fi network on the premises. Since the hacker may be physically closer to the victim than the real access point, their signal will be stronger, potentially drawing more victims. The hacker's computer can be configured to pass the person through to the legitimate access point while monitoring the traffic of the victim, or it can simply say the system is temporarily unavailable after obtaining a user id and password.[3]

Several free programs available on the Internet can decode packets to reveal clear-text logins and passwords. Using an evil twin attack a hacker is able to harvest Web applications such as email that could send passwords in clear text.

Hackers typically setup evil twin attacks near free hotspots, such as airports, cafes, near student residences, hotels or libraries.[4]

Solutions

Virtual private networks or end to end encryption (such as TLS/SSL/HTTPS) may be used to protect passwords, E-mail and other sensitive information.

One way that Corporate users can protect themselves from an evil twin attack is by using VPN (virtual private network) when logging into company servers. They should not send sensitive information such as bank account information or corporate user ids and passwords over a wireless network.[5]

See also

References

  1. ^ "Strange Wi-Fi spots may harbor hackers: ID thieves may lurk behind a hot spot with a friendly name." Andrew D. Smith. The Dallas Morning News. Knight Ridder Tribune Business News. Washington: May 9, 2007. pg. 1 Source type: Wire Feed ProQuest document ID: 1267536891 Text Word Count 766 Document URL: [1] (subscription). Retrieved June 6, 2007
  2. ^ "Security Watch. Daniel Wolfe. American Banker. New York, N.Y.: Feb 14, 2007. Vol.172, Iss. 31; pg. 7. (A security firm used an evil twin as a test to obtain passwords from attendees at RSA security conference). Source type: Newspaper ISSN: 00027561 ProQuest document ID: 1219496681 Text Word Count 1097 Document URL: [2] (subscription). Retrieved June 6, 2007
  3. ^ "Computer Column." Craig Crossman. Knight Ridder Tribune Business News. Washington: Aug 24, 2005. pg. 1. Source type: Wire Feed ProQuest document ID: 886418531 Text Word Count 761 Document URL: [3] (Subscription). retrieved June 6, 2007
  4. ^ Access Without Authentification: how and why we let anyone surf our wireless."Donna Watkins. Computers in Libraries. Westport: Mar 2006. Vol.26, Iss. 3; pg. 10, 5 pgs. Source type: Periodical ISSN: 10417915 ProQuest document ID: 1000365471 Text Word Count 2618 Document URL: [4] (subscription). retrieved June 6, 2007
  5. ^ Attorney General Madigan warns computer users about 'evil twin' attacks at wireless hotspots. US Fed News Service, Including US State News. Washington, D.C.: Jan 17, 2006. News release by Illinois Attorney General. Source type: Wire Feed ProQuest document ID: 975720601 Text Word Count 471 Document URL: [5] (Subscription). retrieved June 6, 2007.

External links