The Evil Twin hack is the biggest threat faced today by workers using Wi-Fi. If you ever work on a laptop, phone or tablet using public Wi-Fi it’s definitely something you need to be aware of.
Evil Twin is a term for a Wi-Fi hotspot that has been set-up by a hacker with malicious intent specifically to mimic or impersonate a legitimate a Wi-Fi network and dupe unsuspecting users into using it. Once a user is connected to an Evil Twin Access Point (AP), the hacker will be able execute whats called a ‘Man in the middle’attack and intercept and analyse and even inject traffic. In other words they will have total access to the users data both coming and going which will enable the hacker to:
- Intercept unencrypted traffic and view the data
- Intercept email and passwords that are used to access websites.
- Acquire passwords for accessing Wi-Fi APs
- Route your web browser to a fake Phishing websites in an attempt to acquire your credit card details
An Evil Twin AP, could be set-up in a public areas such as a Café by a hacker using a laptop computer, either as a clone of a legitimate AP or with a different identify but offering a stronger signal which will attract users. Or as in the example below an Evil Twin can be set-up to Clone a private AP such as the one you have at home.
The most surprising thing is just how easy it is for someone with a reasonable level (not an IT expert) of IT knowledge to execute this hack. Each and every step of the process along with all the required software is readily available online.
For example the following article provides a step by step guide to targeting a neighbour in order to conduct a man in the middle attack. This is achieved by cloning their wireless access point as an Evil Twin, booting them off their AP, and by making the signal of the Evil Twin access point stronger than their own AP, and getting them to connect to the Evil Twin AP instead.
http://null-byte.wonderhowto.com/how-to/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data-0147919/
Protecting against Evil Twin
The most fundamental thing is user education. Organisations need update their IT policy to include dos and don’ts for working remotely over Wi-Fi e.g. Don’t connect to unknown access points, or blindly accept SSL or SSH certificates.;
If your organisation relies heavily on remote working, it might be a good idea to consider supplying remote workers with Wireless hotspot software which ensures they only connect through a given provider using software that will ensure they only connect to authentic hotspots such as T-mobiles connection manager.
The most effective way to protect data against the ‘Evil Twin’ threat is to encrypt your traffic. You can do this either by using HTTPS to connect to email and other secure sites or by using a Virtual Private Network – VPN, connection. A VPN tunnel encrypts the traffic and in so doing prevents the data from being viewed by a man in the middle attack.
