|
Evil twin (wireless networks)
Web Design & Development Guide
Evil twin (wireless networks)
Home | Up
Evil Twin is a term for a rogue
Wi-Fi
access point that appears to be a legitimate one offered on the
premises, but actually has been set up by a hacker to eavesdrop on
wireless communications among Internet surfers.
[1]
This type of Evil Twin Attack may be used by a hacker to steal the
passwords of unsuspecting users by either snooping the communication link or by
phishing, which involves setting up a fraudulent Web site and luring people
there.[2]
A rogue Wi-Fi connection can be set up on a laptop with a bit of simple
programming and a special USB (Universal Serial Bus) thumb drive that acts as an
access point. The access points are hard to trace, since they can suddenly be
shut off, and are easy to build. A hacker can make their own wireless networks
that appear to be legitimate by simply giving their access point a similar name
to the Wi-Fi network on the premises. Since the hacker may be physically closer
to the victim than the real access point, their signal will be stronger,
potentially drawing more victims. The hacker's computer can be configured to
pass the person through to the legitimate access point while monitoring the
traffic of the victim, or it can simply say the system is temporarily
unavailable after obtaining a user id and password.[3]
Several free programs available on the Internet can decode packets to reveal
clear-text logins and passwords. Using an Evil Twin attack a hacker is able to
harvest Web applications such as email that could send passwords in clear text.
One way that Corporate users can protect themselves from an Evil Twin attack
is by using VPN (virtual
private network) when logging into company servers. They can also ask the
wireless provider to provide the
SSID, which is the
exact name of the wireless network.They should not send sensitive information
such as bank account information or corporate user ids and passwords over a
wireless network.[4]
Hackers typically setup Evil twin attacks near free hotspots, such as
airports, cafes, hotels or libraries[5]
Reference
-
^ "Strange Wi-Fi spots may harbor hackers: ID thieves may lurk
behind a hot spot with a friendly name." Andrew D. Smith. The Dallas Morning
News. Knight Ridder Tribune Business News. Washington: May 9, 2007. pg. 1
Source type: Wire Feed ProQuest document ID: 1267536891 Text Word Count 766
Document URL:
[1] (subscription). Retrieved June 6, 2007
-
^ "Security Watch. Daniel Wolfe. American Banker. New York, N.Y.:
Feb 14, 2007. Vol.172, Iss. 31; pg. 7. (A security firm used an Evil Twin as
a test to obtain passwords from attendees at RSA security conference).
Source type: Newspaper ISSN: 00027561 ProQuest document ID: 1219496681 Text
Word Count 1097 Document URL:
[2] (subscription). Retrieved June 6, 2007
-
^ "Computer Column." Craig Crossman. Knight Ridder Tribune Business
News. Washington: Aug 24, 2005. pg. 1. Source type: Wire Feed ProQuest
document ID: 886418531 Text Word Count 761 Document URL:
[3] (Subscription). retrieved June 6, 2007
-
^ Attorney General Madigan warns computer users about 'Evil twin'
attacks at wireless hotspots. US Fed News Service, Including US State News.
Washington, D.C.: Jan 17, 2006. News release by Illinois Attorney General.
Source type: Wire Feed ProQuest document ID: 975720601 Text Word Count 471
Document URL:
[4] (Subscription). retrieved June 6, 2007.
-
^ Access Without Authentification: how and why we let anyone surf
our wireless."Donna Watkins. Computers in Libraries. Westport: Mar 2006.
Vol.26, Iss. 3; pg. 10, 5 pgs. Source type: Periodical ISSN: 10417915
ProQuest document ID: 1000365471 Text Word Count 2618 Document URL:
[5] (subscription). retrieved June 6, 2007
- Jeremy Kirk, 'Evil twin' Hotspots Proliferate', IDG News Service, Apr
25, 2007
Related
Home | Up | Browser exploit | Cross-site cooking | Cross-site request forgery | Cross-site scripting | Cross-zone scripting | Directory traversal | Evil twin (wireless networks) | HTTP response splitting | IDN homograph attack | Referer spoofing | Session fixation | Session poisoning | Website spoofing
Web Design & Development Guide, made by MultiMedia | Websites for sale
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.
|
|