X

'Evil twin' could pose Wi-Fi threat

Wi-Fi hot-spot users should be on their guard for fake wireless access points used by hackers to steal data, researchers warn.

2 min read
Researchers at Cranfield University are warning that "evil twin" hot spots, networks set up by hackers to resemble legitimate Wi-Fi hot spots, present the latest security threat to Web users.

Attackers interfere with a connection to the legitimate network by sending a stronger signal from a base station close to the wireless client, turning the fake access point into a so-called evil twin.

"Evil twin hot-spots present a hidden danger for Web users," said Phil Nobles, an academic researcher who specializes in wireless Internet and cybercrime. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."

Once an unknowing user has connected to an evil twin, a hacker can intercept transmitted data. Users are invited to log into the evil twin with bogus log-in prompts and can be lured into passing sensitive data such as user names and passwords.

The Cranfield University researchers believe this is a new area of cybercrime where more research is required. However, in October 2002, security company ISS published details of base-station cloning, otherwise known as evil twin traffic interception, suggesting that the idea is almost two-and-a-half years old.

In the 2002 document describing "BaseStation Clone (Evil Twin) intercept traffic," ISS gives the details of the technique. "An attacker can trick legitimate wireless clients to connect to the attacker's honeypot network by placing an unauthorized base station with a stronger signal within close proximity of the wireless clients that mimic a legitimate base station," ISS said. "This may cause unaware users to attempt to log into the attacker's honeypot servers."

Cranfield University's head of information systems, Brian Collins, said that people can protect themselves by ensuring that their Wi-Fi device has its security measures activated. He said that in the vast majority of cases, base stations taken out of the box direct from the manufacturer are automatically configured in the least secure mode possible.

Dan Ilett of ZDNet UK reported from London.