Evil twin (wireless networks)
Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.
Evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.
Wireless devices link to the Internet via "hotspots" – nearby connection points that they lock on to. But these hotspots can act like an open door to thieves. Anyone with suitable equipment can locate a hotspot and take its place, substituting their own "evil twin".
This type of evil twin attack may be used by a hacker to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent Web site and luring people there.
Method
The attacker uses a bogus base station that someone connects to using Wi-Fi wireless technology. By imitating the name of another, legitimate wireless provider, they can fool people into trusting the internet services that they are providing. When the users log into bank or e-mail accounts, the phishers have access to the entire transaction, since it is sent through their equipment.
Unwitting web users are invited to log into the attacker's server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred.
Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to the attacker's base station. The hacker jams the connection to the legitimate base station by sending a stronger signal within proximity to the wireless client – thereby turning itself into an 'evil twin.'
A rogue Wi-Fi connection can be set up on a laptop with a bit of simple programming and a wireless card that acts as an access point. The access points are hard to trace, since they can suddenly be shut off, and are easy to build. A hacker can make their own wireless networks that appear to be legitimate by simply giving their access point a similar name to the Wi-Fi network on the premises. Since the hacker may be physically closer to the victim than the real access point, their signal will be stronger, potentially drawing more victims. The hacker's computer can be configured to pass the person through to the legitimate access point while monitoring the traffic of the victim, or it can simply say the system is temporarily unavailable after obtaining a user id and password.
Several free programs available on the Internet can decode packets to reveal clear-text logins and passwords. Using an evil twin attack, a hacker is able to harvest passwords from Web applications such as email that could send them in clear text.
Hackers typically set up evil twin attacks near free hotspots, such as airports, cafes, student residences, hotels or libraries.
Solutions
Virtual private networks or end-to-end encryption (such as TLS/SSL/HTTPS) may be used to protect passwords, e-mail and other sensitive information.
One way that corporate users can protect themselves from an evil twin attack is by using a VPN (virtual private network) when logging into company servers. They should not send sensitive information such as bank account information or corporate user ids and passwords over a wireless network.
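The Method section notes that an evil twin imitates the name of the legitimate network on the premises. The following is an added example, not part of the original article, of a defender-side check that compares scan results against an inventory of the site's own access points. The inventory, SSIDs, BSSIDs, security labels and similarity threshold are all constructed assumptions.

```python
import difflib
import unicodedata

# Constructed inventory of the site's own access points (assumption):
# SSID -> set of authorised BSSIDs and the expected security mode.
KNOWN_APS = {
    "CafeGuest": {"bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
                  "security": "WPA2"},
}

def normalise(ssid):
    """Fold case, compatibility forms and common look-alike characters."""
    text = unicodedata.normalize("NFKC", ssid).casefold()
    text = text.translate(str.maketrans("01", "ol"))
    return "".join(ch for ch in text if ch.isalnum())

def classify(beacon, known=KNOWN_APS, threshold=0.85):
    """Return a list of reasons why a scanned beacon looks like an evil twin."""
    reasons = []
    ssid, bssid = beacon["ssid"], beacon["bssid"].lower()
    if ssid in known:
        entry = known[ssid]
        if bssid not in entry["bssids"]:
            reasons.append("known SSID from unlisted BSSID")
        if beacon["security"] != entry["security"]:
            reasons.append("security mode differs from inventory")
        return reasons
    for legit in known:
        ratio = difflib.SequenceMatcher(None, normalise(ssid), normalise(legit)).ratio()
        if ratio >= threshold:
            reasons.append(f"look-alike of {legit!r}")
    return reasons

def audit(scan, known=KNOWN_APS):
    """Map BSSID -> reasons for every suspicious beacon in a scan."""
    results = ((b["bssid"], classify(b, known)) for b in scan)
    return {bssid: reasons for bssid, reasons in results if reasons}

# Constructed scan results, not captured from a real network.
SAMPLE_SCAN = [
    {"ssid": "CafeGuest", "bssid": "02:00:00:aa:00:01", "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:bb:00:09", "security": "OPEN"},
    {"ssid": "Cafe Guest", "bssid": "02:00:00:bb:00:0a", "security": "OPEN"},
    {"ssid": "HotelLobby", "bssid": "02:00:00:cc:00:01", "security": "WPA2"},
]

if __name__ == "__main__":
    for bssid, reasons in audit(SAMPLE_SCAN).items():
        print(bssid, "->", "; ".join(reasons))
```

Signal strength is deliberately not used as a criterion here: a stronger signal only indicates proximity, so the check relies on name and inventory mismatches instead.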