Evil Twin AP

Evil Twin AP is confidentiality based attack to wireless users on public and Private WLANs.

It is a phony wireless Access Point that pretends to be a legitimate Access Point by advertising the respective WLAN’s name (that is SSID). KARMA tool is used for monitoring station probes, looking for commonly used SSID’s and adopting one as its own. On the other hand those APs that do not send SSIDs in beacons can be monitored and identified by using Wireshark, Kismet or another WLAN analyzer.

Why an AP that uses someone else’s SSID dangerous?

Wireless station generally connects to any AP with a given SSID. In the worse, many station automatically reconnect to any SSID used in the past. By placing an Evil Twin near  business users can be enough to trick their wireless devices to associated with a phony AP. Even sometime an attacker who gets impatient waiting for users to roam to the Evil Twin can use tool like Airplay to deauthenticate everyone, forcing immediate reassociation.

Once the Legitimate users connected to an Evil Twin, can use its vantage point to launch many other attacks. For example, any web request can be redirected to the local host through DNS spoofing. A Man in Middle tool like Dsniff that can compromised SSL or SSH sessions by posing as Target Server.

How to Stop these Attacks?

  • By educating users who are readily connect to any AP to obtain free access of internet, without know to who might own that AP or how that AP may trick them into disclosing Sensitive Data.
  • Explain them not to accept SSH public keys or SSL server certificates blindly, and the potential consequences of doing so.
  • In the organizations provide your users with tools that detect or better yet ,prevent unauthorized wireless connection. For Example:
  • Use Intrusion detection System to spot or block policy associations.
  • Prevent users from adding unsecured wireless network entries.
  • Supply mobile users with secure hotspots client to avoid web page login.
  • Educate users about options for using 802.1X in home WLANs.

However there are many steps that can be helpful to evade Evil Twins, but it may not be practical to eliminate all risks.

Nitin Pandey
Company – Innodata Noida