Researchers at Cranfield University are warning that "evil twin" hot spots, networks set up by hackers to resemble legitimate Wi-Fi hot spots, present the latest security threat to Web users.
Attackers interfere with a connection to the legitimate network by sending a stronger signal from a base station close to the wireless client, turning the fake access point into a so-called evil twin.
"Evil twin hot-spots present a hidden danger for Web users," said Phil Nobles, an academic researcher who specializes in wireless Internet and cybercrime. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."
Once an unknowing user has connected to an evil twin, a hacker can intercept transmitted data. Users are invited to log into the evil twin with bogus log-in prompts and can be lured into passing sensitive data such as user names and passwords.
The Cranfield University researchers believe this is a new area of cybercrime where more research is required. However, in October 2002, security company ISS published details of base-station cloning, otherwise known as evil twin traffic interception, suggesting that the idea is almost two-and-a-half years old.
In the 2002 document describing "BaseStation Clone (Evil Twin) intercept traffic," ISS gives the details of the technique. "An attacker can trick legitimate wireless clients to connect to the attacker's honeypot network by placing an unauthorized base station with a stronger signal within close proximity of the wireless clients that mimic a legitimate base station," ISS said. "This may cause unaware users to attempt to log into the attacker's honeypot servers."
Cranfield University's head of information systems, Brian Collins, said that people can protect themselves by ensuring that their Wi-Fi device has its security measures activated. He said that in the vast majority of cases, base stations taken out of the box direct from the manufacturer are automatically configured in the least secure mode possible.
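A minimal version of the monitoring check this attack calls for, as an added example that is not part of the original article: it compares scanned beacons against an inventory of authorised base stations and flags any that reuse a protected SSID with an unknown BSSID or different security, noting whether they are louder than the legitimate ones. The `Beacon` type, the inventory and the scan data are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    rssi_dbm: int   # received signal strength; closer to 0 is stronger
    security: str   # as reported by the scanner: "open", "wep", "wpa2"

# Constructed inventory: SSID -> {authorised BSSID: expected security}
KNOWN_APS = {"CorpNet": {"00:11:22:33:44:01": "wpa2",
                         "00:11:22:33:44:02": "wpa2"}}

# Constructed scan results, as a monitoring sensor might report them
SAMPLE_SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:01", -62, "wpa2"),
    Beacon("CorpNet", "00:11:22:33:44:02", -71, "wpa2"),
    Beacon("CorpNet", "02:00:00:AA:BB:CC", -38, "open"),
    Beacon("CorpNet", "00:11:22:33:44:02", -45, "open"),
    Beacon("CoffeeShop", "0A:0B:0C:0D:0E:0F", -50, "open"),
]

def classify(beacon, known_aps):
    """Return None if the beacon matches the inventory, else a reason string."""
    inventory = known_aps.get(beacon.ssid)
    if inventory is None:
        return None  # not a network we are responsible for
    expected = inventory.get(beacon.bssid.lower())
    if expected is None:
        return "unknown BSSID"
    if beacon.security != expected:
        return "security mismatch"
    return None  # matches; a BSSID is unauthenticated, so this is not proof

def find_suspects(beacons, known_aps):
    """List (bssid, reason, louder_than_legit) for beacons failing the check."""
    legit_rssi = {}  # strongest inventory-matching signal heard per SSID
    for b in beacons:
        if b.ssid in known_aps and classify(b, known_aps) is None:
            legit_rssi[b.ssid] = max(legit_rssi.get(b.ssid, -200), b.rssi_dbm)
    suspects = []
    for b in beacons:
        reason = classify(b, known_aps)
        if reason:
            louder = b.rssi_dbm > legit_rssi.get(b.ssid, -200)
            suspects.append((b.bssid.lower(), reason, louder))
    return suspects

if __name__ == "__main__":
    for row in find_suspects(SAMPLE_SCAN, KNOWN_APS):
        print(row)
```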
There are some corporate wireless network management systems that support a distributed monitor network and protective packet injection to fend off evil clone / active MITM attacks. At worst, you end up with a denial of service against your network.
I'm not aware of anything like this for SOHO / end users.
This is indeed a long known problem. I was doing tests with amplifiers, packet databases, and monitor mode / packet injection in 2002 as well*.
The unauthenticated nature of the 802.11 MAC layer implies that all WiFi networks, regardless of security, will be vulnerable to denial of service attacks. Good security will at least keep your traffic from the prying eyes of an evil twin though...
* http://web.archive.org/web/20021119041924/http://cubicmetercrystal.com/janus/attacks.html now located at: http://peertech.org/janus/attacks.html
As a side note, this is not a good line of research to follow for an independent researcher in the US. FBI InfraGard and DHS do not approve...