Evil twin (wireless networks)

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.[1] The evil twin is the wireless LAN equivalent of the phishing scam.

This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.[2]

Method

The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker's server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred.

When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it is sent through their equipment. The attacker is also able to connect to other networks associated with the users' credentials.

Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP). They are hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim's connection,[3] or it can simply say the system is temporarily unavailable after obtaining a username and password.[4][5][6][7]

Using Captive portals

One of the most commonly used attacks under evil twins, is a captive portal. At first the attacker would create a fake wireless access point that has a similar Essid to the legitimate access point, after this has been done, the attacker then Denial-of-service attack the legitimate access point which will cause it to go offline, thus far the clients would connect to the fake access point automatically since it is similar to the legitimate one. The clients would then be led to a web portal that will be requesting them to enter their password, and this would work as a social engineering attack. When the clients have entered their legitimate access point's password the password will be sent to the attacker

gollark: Pick a random number with more zeroes than usual?
gollark: https://www.theregister.com/2019/03/05/ai_gaydar/ (headline is vaguely misleading)
gollark: I blatantly stole it from helloboi.
gollark: I may be referred to as car/cdr if desired.
gollark: The problem with spaces is that you can’t actually see them. So you can’t be sure they’re correct. Also they aren’t actually there anyway - they are the absence of code. “Anti-code” if you will. Too many developers format their code “to make it more maintainable” (like that’s actually a thing), but they’re really just filling the document with spaces. And it’s impossible to know how spaces will effect your code, because if you can’t see them, then you can’t read them. Real code wizards know to just write one long line and pack it in tight. What’s that you say? You wrote 600 lines of code today? Well I wrote one, and it took all week, but it’s the best. And when I hand this project over to you next month I’ll have solved world peace in just 14 lines and you will be so lucky to have my code on your screen <ninja chop>.

See also

References
  1. Smith, Andrew D. (9 May 2007). "Strange Wi-Fi spots may harbor hackers: ID thieves may lurk behind a hot spot with a friendly name". The Dallas Morning News. Washington, DC: Knight Ridder Tribune Business News. p. 1. Retrieved 6 June 2007.
  2. Wolfe, Daniel (February 14, 2007). "Security Watch". American Banker. 172 (31). New York, NY. p. 7. ISSN 0002-7561. ProQuest 249873579. A security firm used an evil twin as a test to obtain passwords from attendees at an RSA security conference
  3. "Evil Twin with internet access via legitimate access point : Proof of concept". kalitutorials.net.
  4. Crossman, Craig (24 August 2005). "Computer Column". Washington, DC: Knight Ridder Tribune Business News.
  5. Kirk, Jeremy (April 25, 2007). "′Evil Twin′ Hotspots Proliferate". Network World. IDG News Service.
  6. "'Evil twin' threat to Wi-Fi users". CNN. January 20, 2005.
  7. Biba, Erinwork (March 15, 2005). "Does Your Wi-Fi Hotspot Have an Evil Twin?". PC World.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.