• 0

'Evil twin' threat to Wi-Fi users


Question

CAH

LONDON, England -- "Evil twins" are the latest menace to threaten the security of Internet users, experts in the UK are warning.

An "evil twin" is a bogus base station that latches on to someone using new "Wi-Fi" wireless technology.

Victims think their laptops or mobile phones are connected to bona fide wireless internet connections.

They may then transmit valuable bank details or other personal information, not suspecting that they are being intercepted by cybercriminals.

Professor Brian Collins, from the Royal Military College of Science, Cranfield University, a former chief scientist at GCHQ -- the Government's secret eavesdropping station -- said: "Users need to be wary of not using their Wi-Fi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive personal nature, for fear of having disclosed this information to an unauthorised third party."

Wireless devices link to the Internet via "hotspots" - nearby connection points that they lock on to. But these hotspots can act like an open door to thieves.

Anyone with suitable equipment can locate a hotspot and take its place, substituting their own "evil twin."

Dr. Phil Nobles, a wireless Internet and cybercrime expert at Cranfield University, said: "So-called 'evil twin' hotspots present a hidden danger for Web users.

"In essence, users think they've logged on to a wireless hotspot connection when in fact they've been tricked to connect to the attacker's unauthorised base station.

"The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client -- thereby turning itself into an 'evil twin.'

"Cybercriminals don't have to be that clever to carry out such an attack. Because wireless networks are based on radio signals they can be easily detected by unauthorised users tuning into the same frequency."

Unwitting web users are invited to log into the attacker's server with bogus login prompts, tempting them to give away sensitive information such as user names and passwords.

Often users are unaware the have been duped until well after the incident has occurred.

more:

http://www.cnn.com/2005/TECH/internet/01/2...wins/index.html

Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0
leesmithg

Yeah saw it on news early this morning, don't have wireless, seems the rich are going to be robbed, ha ha.

Link to post
Share on other sites
  • 0
Vice

Well I have wireless. But I never have the need to purchase something off ebay or what not, when I'm at starbucks lmao

Link to post
Share on other sites
  • 0
Jerichohol

I also saw it, I think to secure yourself is have a basic knowledge of wireless security or if you are really paranoid dont go to any important websites like online banking while on a wireless network

Link to post
Share on other sites
  • 0
dragon2611
I also saw it, I think to secure yourself is have a basic knowledge of wireless security or if you are really paranoid dont go to any important websites like online banking while on a wireless network

585327910[/snapback]

wander if its affects home wireless networks as well

i suppose if they were encypted with wep or wpa a lot less chance of it becuase the other ap would have to be using your wep/wpa code (yes i know its crackable but i dount someone wants to sit there for hours waiting for their pc to crack it)

Link to post
Share on other sites
  • 0
PseudoRandomDragon

Adhoc is also useful in making evil twins. WinXP's wireless config utility automatically connects to it, then the fun can begin.

Link to post
Share on other sites
  • 0
Caledai

Simple. If you run a wireless @ home, run a ssh proxy on it. any data to the proxy is encrypted via ssh, then the traffic goes out over a hard wire to the router.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.