So you are hanging out at a new café that just opened up down the street and you bring your laptop or smartphone to take advantage of the free WiFi service they provide. The café is named “Bread and Butter”, your laptop identifies a wireless hotspot appropriately called “Bread and Butter WiFe”, and you eagerly connect assuming that it belongs to the café. As you peruse your favorite social media site, access your email and check to see if a financial transaction cleared your online bank account, a hacker has been capturing all of your login credentials and data. You have just been a victim of a man-in-the-middle attack thanks to an ‘Evil Twin’.
Hackers set up evil twin access points in areas serviced by public WiFi by cloning the MAC address and Service Set Identifier (SSIS) of an existing wireless AP. For instance, perhaps a coffee shop has a hotspot called “Internet Coffee” that is broadcast from the wireless AP in the back office. A hacker, using his or her laptop coupled with the necessary equipment can broadcast the same SSID from a table in the customer area. By ensuring that the signal of the evil twin is stronger than the authorized network, customers will be tempted to select it over the legitimate offering.
In some cases, a customer’s laptop may choose the stronger signal automatically. For instance, customers staying at a resort hotel may select “Connect Automatically” on their device so that it connects automatically during the duration of their stay. Doing so would allow the wireless device to connect to the evil twin when it comes within range of it. If it identifies both SSIDs, it will choose the strong signal by default. It is also possible for a hacker to perform a denial of service (DOS) attack on the legitimate hotspot, which will, in turn, disconnect everyone from it. The devices will then choose the evil twin when reconnecting. This is especially easy to perform on open WiFi networks.
Once a client is connected to an evil twin, an attacker can easily eavesdrop on its signal to hijack the device’s communications. The attacker can monitor traffic, steal credentials or redirect clients to malicious websites to either download malware or capture online credentials to fake sites.
In some instances, the malicious hotspot does not have to be an evil twin per se. For instance, maybe a local coffee shop never bothered to change the default name of its SSID, which includes the name of the internet provider. In this case, a hacker could simply broadcast an SSID that incorporates the name of the coffee shop and many customers will make the incorrect assumption and select it. A hacker could also create an evil hotspot in the pool area of a hotel resort with the word “pool” contained within the SSID, tricking resort travelers that it must be a separate pool area hotspot offered by the hotel.
Talk to one of our security experts today about securing your public Wi-Fi to prevent costly and damaging attacks.
Sign-up for email updates...