January 21, 2005 10:51 AM PST

'Evil twin' could pose Wi-Fi threat

Researchers at Cranfield University are warning that "evil twin" hot spots, networks set up by hackers to resemble legitimate Wi-Fi hot spots, present the latest security threat to Web users.

Attackers interfere with a connection to the legitimate network by sending a stronger signal from a base station close to the wireless client, turning the fake access point into a so-called evil twin.

"Evil twin hot-spots present a hidden danger for Web users," said Phil Nobles, an academic researcher who specializes in wireless Internet and cybercrime. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."

Once an unknowing user has connected to an evil twin, a hacker can intercept transmitted data. Users are invited to log into the evil twin with bogus log-in prompts and can be lured into passing sensitive data such as user names and passwords.

The Cranfield University researchers believe this is a new area of cybercrime where more research is required. However, in October 2002, security company ISS published details of base-station cloning, otherwise known as evil twin traffic interception, suggesting that the idea is almost two-and-a-half years old.

In the 2002 document describing "BaseStation Clone (Evil Twin) intercept traffic," ISS gives the details of the technique. "An attacker can trick legitimate wireless clients to connect to the attacker's honeypot network by placing an unauthorized base station with a stronger signal within close proximity of the wireless clients that mimic a legitimate base station," ISS said. "This may cause unaware users to attempt to log into the attacker's honeypot servers."

Cranfield University's head of information systems, Brian Collins, said that people can protect themselves by ensuring that their Wi-Fi device has its security measures activated. He said that in the vast majority of cases, base stations taken out of the box direct from the manufacturer are automatically configured in the least secure mode possible.

Dan Ilett of ZDNet UK reported from London.
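
As an added example (not part of the original article): a defensive check over Wi-Fi scan results for the pattern described above, a base station advertising a legitimate network name with a stronger signal than the real ones. The network name, addresses and inventory are constructed, and `find_evil_twin_candidates` is a hypothetical helper.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str       # advertised network name
    bssid: str      # advertised base-station address (unauthenticated)
    rssi_dbm: int   # received signal strength; closer to 0 is stronger
    security: str   # e.g. "open", "wpa2"

# Constructed inventory of the operator's own base stations (assumption).
KNOWN_APS = {
    "CafeNet": {"bssids": {"02:00:00:00:00:01", "02:00:00:00:00:02"},
                "security": "wpa2"},
}

# Constructed scan results, as a monitoring client near the hot spot might see.
SAMPLE_SCAN = [
    Beacon("CafeNet", "02:00:00:00:00:01", -67, "wpa2"),
    Beacon("CafeNet", "02:00:00:00:00:02", -74, "wpa2"),
    Beacon("CafeNet", "02:00:00:00:00:99", -41, "open"),
    Beacon("OtherNet", "02:00:00:00:00:50", -60, "wpa2"),
]

def find_evil_twin_candidates(scan, known_aps):
    """Return (bssid, reasons) for beacons using a known SSID suspiciously."""
    findings = []
    for b in scan:
        expected = known_aps.get(b.ssid)
        if expected is None:
            continue  # not one of the operator's network names
        known = expected["bssids"]
        reasons = []
        if b.bssid.lower() not in known:
            reasons.append("unknown-bssid")
        if b.security != expected["security"]:
            reasons.append("security-mismatch")
        # Signal levels of the inventoried base stations for this SSID.
        legit = [x.rssi_dbm for x in scan
                 if x.ssid == b.ssid and x.bssid.lower() in known]
        if "unknown-bssid" in reasons and legit and b.rssi_dbm > max(legit):
            reasons.append("stronger-than-known")
        if reasons:
            findings.append((b.bssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_evil_twin_candidates(SAMPLE_SCAN, KNOWN_APS):
        print(bssid, ", ".join(reasons))
```

A clean result is not proof of safety, because the advertised address is unauthenticated; the check only surfaces mismatches against the inventory.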


8 Comments

EVIL TWIN BE-GONE SOFTWARE/DETECTION
by January 21, 2005 5:16 PM PST
IS THERE A SOLUTION TO THIS PROBLEM? A WAY TO GO INTO THE NETWORK, POSSIBLY RUN A DETECTION SCAN/TEST AND RESOLVE THIS OR SOFTWARE?
Avoiding evil twin / active MITM
by January 22, 2005 7:10 AM PST
There are some corporate wireless network management systems that support a distributed monitor network and protective packet injection to fend off evil clone / active MITM attacks. At worst, you end up with a denial of service against your network.

I'm not aware of anything like this for SOHO / end users.
This is indeed old news...
by January 22, 2005 7:08 AM PST
This is indeed a long known problem. I was doing tests with amplifiers, packet databases, and monitor mode / packet injection in 2002 as well*.

The unauthenticated nature of the 802.11 MAC layer implies that all WiFi networks, regardless of security, will be vulnerable to denial of service attacks. Good security will at least keep your traffic from the prying eyes of an evil twin though...

http://web.archive.org/web/20021119041924/http://cubicmetercrystal.com/janus/attacks.html
now located at: http://peertech.org/janus/attacks.html

As a side note, this is not a good line of research to follow for an independent researcher in the US. FBI InfraGard and DHS do not approve...