WLAN Book
April 29th, 2007

‘Evil Twin’ Wi-Fi Access Points Proliferate

An evil twin access point as described in a Network World article is a

Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.

In reality, if the goal is to just eavesdrop, then the attacker doesn’t need a evil twin access point. Sniffing wireless traffic can be done passively using free tools and the users of the wireless network would never know.

Evil twin access points are more likely to exist when the attacker is planning a more sophisticated attack such as a man-in-the-middle (MITM) attack. The evil twin access point would by used by the attacker to get between a secure communications channel without the user knowing.

It is almost impossible for standard client security tools to detect MITM attacks because they are usually tracking layer 3 events and most of the action for a wireless MITM attack occurs at layer 2.

MITM implementation examples from Wikipedia below.

dsniff - A tool for SSL MITM attacks
Ettercap - A tool for LAN based MITM attacks
Karma - A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
AirJack - A tool that demonstrates 802.11 based MITM attacks

Share and Enjoy:
  • Digg
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Facebook
  • Sphinn
  • TwitThis
  • LinkedIn
Related Posts:
  • Man-In-The-Middle (MITM) Attack
    A man-in-the-middle (MITM) attack occurs when an attacker inserts himself between two devices and is able to read, insert, modify messages between the two devices....
  • Rogue Access Points
    Wireless LAN security for residential users is mainly about using the proper encryption. For corporate networks, securing against rogue access points is also important. Rogue...
  • Rogue Wireless Station
    A rogue wireless station is an unauthorized station connected to a network via an access point. The access point used for connectivity can either be...
  • WiFi Phishing
    Below is the opening sentence from Wikipedia's entry for "phishing". In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently...

Related posts brought to you by Yet Another Related Posts Plugin.

If you liked this post, subscribe using below

WLAN Book RSS Feed

RSS Email WLAN Book by Email

.

Filed under: WLAN Security

Leave a Reply