January 29, 2012

3.4.3 Evil Twin

Evil Twin

Evil twin attack is a term for a rogue Wi-Fi access point (AP) that appears to be a legitimate, but actually has been set up by a hacker to eavesdrop and intercept wireless communications among Internet surfers.

It is an attack in which unsuspecting Wi-Fi users are tricked into associating with a phony wireless Access Point. Also known as AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP, these attacks use phony APs with faked login pages to capture credentials and credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts.

Evil twin is the wireless version of e-mail phishing scams. An attacker tricks wireless users into connecting a laptop or mobile phone to a rogue hotspot by posing as a legitimate provider.
By imitating the name of another, legitimate wireless provider, they can fool people into trusting the internet services that they are providing. When the users log into bank or e-mail accounts, the phishers have access to the entire transaction, since it is sent through their equipment.

One way that Corporate users can protect themselves from an evil twin attack is by using VPN (virtual private network) when logging into company servers.

References:

  • http://www.watchguard.com/infocenter/editorial/27061.asp
  • http://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
  • http://www.ericgoldman.name/security/8-exploits-and-attacks/21-evil-twin-attack-explanation
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment