Evil Twin Attack – A WiFi Cyber Security Threat You Should Know About

Evil Twin Attack – A WiFi Cyber Security Threat You Should Know About

WiFi is everywhere nowadays. How do you know if the WiFi network you are on is safe and secure? The truth is it is very hard to tell whether a network is secured when you are connecting to it in a coffee shop, hotel, airport or even your neighbor’s house.

Wireless networks have been subjected to an attack called the “Evil Twin Attack”. An Evil Twin attack is a fraudulent WiFi access point that looks to be a legitimate set up, but it actually eavesdrops on wireless communications. As far as wireless LAN goes, this is the equivalent of an email phishing scam. It is very hard to detect and you need to be on your toes at all times. The Evil Twin attack is designed to steal passwords of unsuspecting users by monitoring connections or phishing, which involves a fake website and luring people to the location.

So, how can this tactic obtain your information?

After you are lured onto the bogus wireless access point, the hacker will prompt you to enter sensitive information, making it look like you need to connect to the wireless internet. Once, your information is entered, the hacker has access to every website you go to that is unsecured (non-HTTPS). For example; when you log into an unsecured bank or email account, the attacker interrupts the transaction and sends it through their equipment, which gives them all the information they need to access your accounts later. This Evil Twin attack can be set up to pass internet traffic through to the legitimate access point while monitoring the victim’s connection or it can produce a message that says the system is temporarily unavailable after the hacker obtains a username and password.

Great, now I am terrified. How do I protect myself?

There are a number of ways to protect yourself from this wild new cyber security threat.

  1. Don’t use free public WiFi.
    1. Typically, free WiFi is not the most secured internet option.
  2. Patch your personal router.
    1. Yes, your router could use an update just like your phone or computer. Contact your internet service provider or your router manufacturer to find out how to check for available patches.
  3. Save financial transactions/sensitive website usage for a secured internet connection.
    1. Banking and online shopping should be done at home, not from a hotel room…

If that didn’t scare you enough, the number of sensitive data breaches seems to be increasing daily. You need to do what you can to protect yourself from cyber criminals that are out to ruin you day. Hackers gaining access to WIFI can connect to you LAN and play the man-in-the-middle attack.

A research project conducted by Detectware Security Group known as Wardriving harvested 2500 access point with passwords.

Those interested in Wireless Forensics, Exploitation, Cracking, and Defense should checkout our upcoming workshop “AIRRAID 2019”

Share this post

Comment (1)

  • Prince Reply

    Thanks you

    January 11, 2021 at 1:22 pm

Leave a Reply

Your email address will not be published. Required fields are marked *