Nowadays we use Wi-Fi every now and then, at home, in the office or even in public places. But how safe is it?
The Evil Twin is a very common recent threat that we need to consider before we use Wi-Fi, especially in public places.
What is Evil Twin
An Evil Twin is basically a rogue Wi-Fi access point. It may look very similar to a legitimate one, but it is actually controlled by attackers. Most of the time, its SSID (Service Set Identifier) is very similar to that of the legitimate access point. Sometimes it even provides a stronger signal than the legitimate ones so that it attracts attention easily. Any data that travels through the Evil Twin access point can be intercepted by the attackers.
Purpose of Evil Twin
Attackers set up an Evil Twin mainly to steal sensitive data or to carry out other phishing attacks. If a victim connects to an Evil Twin, any non-HTTPS data can be easily intercepted, as it travels through the attackers' equipment. So, if the user logs in to an unprotected bank or email account, the attacker will have access to the entire transaction.
The victim may even be tricked with a login prompt served by the attacker's server, tempting them to provide sensitive information such as usernames and passwords, which results in a phishing attack.
How is Evil Twin created
An Evil Twin can easily be created by an attacker with a smartphone or computer and some easily available software. The attacker first places himself near a legitimate Wi-Fi hotspot and finds out the SSID (Service Set Identifier) and signal strength of the access point. He then transmits his own radio signal using the same or a very similar SSID. The attacker may even position himself near the potential victims so that his signal can lure them. Some attackers even use software to deauthenticate the victims from the legitimate Wi-Fi access point, so that when they reconnect they connect to the Evil Twin, as it provides a stronger signal.
Mitigation
- It is always a good idea to use a VPN. It creates an encrypted tunnel before transmitting data. As a result, it is hard for the attacker to intercept that data.
- Software such as EvilAP_Defender can be used by network administrators to detect an Evil Twin. Such tools look for:
  - Wi-Fi access points with a similar SSID, but a different BSSID (the MAC address of the wireless access point).
  - Access points with the same BSSID as the legitimate one, but with different attributes such as channel, cipher, privacy protocol, authentication etc.
  - Access points with the same BSSID and attributes as the legitimate access point, but with a different tagged parameter such as the OUI (Organizationally Unique Identifier), which is assigned by the IEEE registration authority.
- Before connecting to a Wi-Fi network, do not rely only on the name of the wireless access point. Instead, verify whether it is a legitimate one.
- While using public Wi-Fi, it is always better to restrict browsing to websites that do not require any sensitive data such as login credentials.
- Avoid providing any sensitive information while using public Wi-Fi, even if a website or login screen asks for it.
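
The three detection checks listed above for tools like EvilAP_Defender can be sketched as a comparison of observed beacons against a whitelist of legitimate access points. This is an added example, not code from EvilAP_Defender or from the original page; the whitelist, the scan records, the field names (such as `vendor_oui`) and the 0.8 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed whitelist of legitimate access points (all values are made up).
KNOWN_APS = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:aa:bb:01", "channel": 6,
     "cipher": "CCMP", "auth": "PSK", "vendor_oui": "00:11:22"},
]
ATTRS = ("channel", "cipher", "auth")


def similar(a, b, threshold=0.8):
    """True when two SSIDs are equal or near-identical, ignoring case."""
    return SequenceMatcher(None, a.casefold(), b.casefold()).ratio() >= threshold


def classify(seen, known_aps=KNOWN_APS):
    """Return a list of findings for one observed beacon record."""
    findings = []
    for known in known_aps:
        if seen["bssid"].lower() == known["bssid"].lower():
            # Check 2: same BSSID, but channel/cipher/auth differ.
            changed = [k for k in ATTRS if seen[k] != known[k]]
            if changed:
                findings.append("attribute-mismatch:" + ",".join(changed))
            # Check 3: same BSSID and attributes, different OUI parameter.
            elif seen["vendor_oui"].lower() != known["vendor_oui"].lower():
                findings.append("oui-mismatch")
        # Check 1: same or lookalike SSID announced by an unknown BSSID.
        elif similar(seen["ssid"], known["ssid"]):
            findings.append("unknown-bssid-for-ssid:" + known["ssid"])
    return findings


# Constructed scan results: one legitimate beacon, then one per check.
SCAN = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:aa:bb:01", "channel": 6,
     "cipher": "CCMP", "auth": "PSK", "vendor_oui": "00:11:22"},
    {"ssid": "CoffeeShop-WiFl", "bssid": "02:00:00:cc:dd:09", "channel": 6,
     "cipher": "CCMP", "auth": "PSK", "vendor_oui": "00:11:22"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:aa:bb:01", "channel": 11,
     "cipher": "NONE", "auth": "OPEN", "vendor_oui": "00:11:22"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:aa:bb:01", "channel": 6,
     "cipher": "CCMP", "auth": "PSK", "vendor_oui": "aa:bb:cc"},
]

if __name__ == "__main__":
    for ap in SCAN:
        print(ap["ssid"], ap["bssid"], classify(ap) or "ok")
```

A finding is a reason to investigate, not proof: a legitimate network with several access points shares one SSID across many BSSIDs, so every one of them has to be in the whitelist.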
So, beware of security vulnerabilities and recent threats, and stay safe and secure.