Evil twin (wireless networks)

From Wikipedia, the free encyclopedia

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate, set up to eavesdrop on wireless communications.[1] The evil twin is the wireless LAN equivalent of the phishing scam.

This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.[2]

Method

The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log in to the attacker's server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred.

When users log in to unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it is sent through their equipment. The attacker is also able to connect to other networks.

Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP). They are hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim's connection,[3] or it can simply say the system is temporarily unavailable after obtaining a username and password.[4]
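A defender's view of the cloned SSID/BSSID behaviour described above, as an added example that is not part of the original article: it compares wireless scan results with a baseline of authorised access points and flags beacons that contradict it. The function name, record fields, baseline format and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline of authorised access points: BSSID -> (SSID, channel, security).
BASELINE = {
    "aa:bb:cc:00:00:01": ("CorpWiFi", 6, "WPA2"),
    "aa:bb:cc:00:00:02": ("CorpWiFi", 11, "WPA2"),
}

# Constructed scan results, shaped like the output of a wireless survey tool.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 6, "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02", "channel": 11, "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "channel": 1, "security": "OPEN"},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 3, "security": "WPA2"},
    {"ssid": "CoffeeShop", "bssid": "12:34:56:78:9a:bc", "channel": 1, "security": "OPEN"},
]


def find_suspect_aps(scan, baseline):
    """Return sorted (bssid, reason) pairs for beacons that contradict the baseline."""
    protected_ssids = {ssid for ssid, _, _ in baseline.values()}
    findings = set()
    channels_seen = defaultdict(set)
    for ap in scan:
        bssid = ap["bssid"].lower()
        channels_seen[bssid].add(ap["channel"])
        known = baseline.get(bssid)
        if known is None:
            # Same network name, but a radio nobody authorised.
            if ap["ssid"] in protected_ssids:
                findings.add((bssid, "unknown BSSID advertising protected SSID"))
            continue
        ssid, channel, security = known
        if ap["ssid"] != ssid:
            findings.add((bssid, "known BSSID advertising unexpected SSID"))
        if ap["security"] != security:
            findings.add((bssid, "security differs from baseline"))
        if ap["channel"] != channel:
            findings.add((bssid, "channel differs from baseline"))
    for bssid, channels in channels_seen.items():
        # One radio beacons on one channel; two at once suggests a cloned BSSID.
        if bssid in baseline and len(channels) > 1:
            findings.add((bssid, "same BSSID seen on multiple channels"))
    return sorted(findings)
```

Access points that select channels automatically will trigger the channel checks legitimately, so those findings are leads to investigate rather than proof of an evil twin.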

References

  1. Smith, Andrew D. (9 May 2007). "Strange Wi-Fi spots may harbor hackers: ID thieves may lurk behind a hot spot with a friendly name". The Dallas Morning News. Washington, DC: Knight Ridder Tribune Business News. p. 1. Retrieved 6 June 2007.
  2. Wolfe, Daniel (14 February 2007). "Security Watch". American Banker. New York, NY. Vol. 172, no. 31, p. 7. ISSN 0002-7561. ProQuest document ID 1219496681. Retrieved 6 June 2007. (A security firm used an evil twin as a test to obtain passwords from attendees at an RSA security conference.)
  3. "Evil Twin with internet access via legitimate access point : Proof of concept".
  4. Crossman, Craig (24 August 2005). "Computer Column". Washington, DC: Knight Ridder Tribune Business News.
  • Kirk, Jeremy (25 April 2007). "'Evil Twin' Hotspots Proliferate". IDG News Service.