
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam. This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.


Method

The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker's server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred. When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it is sent through their equipment. The attacker is also able to connect to other networks associated with the users' credentials. Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP). They are hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim's connection, or it can simply say the system is temporarily unavailable after obtaining a username and password.


Using captive portals

One of the most commonly used evil twin attacks relies on a captive portal. First, the attacker creates a fake wireless access point with an ESSID similar to that of the legitimate access point. The attacker might then execute a denial-of-service attack on the legitimate access point, causing it to go offline. From then on, clients connect to the fake access point automatically. They are then led to a web portal that asks them to enter their password, which the attackers can then misuse.
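The two sections above describe a twin that copies the SSID and BSSID of a real network, and one that uses a similar ESSID. As an added example (not part of the original article), the following defensive check compares observed beacons against an inventory of authorised access points; the inventory, field names, similarity threshold and scan records are all assumptions constructed for illustration.

```python
# Added example: evil-twin indicators in Wi-Fi scan results (constructed data).
from difflib import SequenceMatcher

# Assumed inventory of authorised access points: BSSID -> expected properties.
KNOWN_APS = {
    "aa:bb:cc:00:00:01": {"ssid": "CorpNet", "channel": 6, "security": "WPA2-Enterprise"},
    "aa:bb:cc:00:00:02": {"ssid": "CorpNet", "channel": 11, "security": "WPA2-Enterprise"},
}
KNOWN_SSIDS = {ap["ssid"] for ap in KNOWN_APS.values()}


def lookalike(ssid, threshold=0.8):
    """Return the authorised SSID that `ssid` imitates without matching, if any."""
    for known in KNOWN_SSIDS:
        if ssid != known and SequenceMatcher(None, ssid.lower(), known.lower()).ratio() >= threshold:
            return known
    return None


def classify(obs):
    """Return a list of evil-twin indicators for one observed beacon."""
    findings = []
    bssid, ssid = obs["bssid"].lower(), obs["ssid"]
    expected = KNOWN_APS.get(bssid)
    if expected is None:
        if ssid in KNOWN_SSIDS:
            findings.append("known SSID from unlisted BSSID")
        elif lookalike(ssid):
            findings.append(f"SSID resembles {lookalike(ssid)!r}")
    else:
        # Same SSID and BSSID as a real AP: compare the remaining properties.
        for field in ("ssid", "channel", "security"):
            if obs[field] != expected[field]:
                findings.append(f"listed BSSID with unexpected {field}: {obs[field]!r}")
    return findings


# Constructed scan results for illustration.
SCAN = [
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "CorpNet", "channel": 6, "security": "WPA2-Enterprise"},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpNet", "channel": 1, "security": "Open"},
    {"bssid": "de:ad:be:ef:00:09", "ssid": "CorpNet", "channel": 6, "security": "WPA2-Enterprise"},
    {"bssid": "de:ad:be:ef:00:0a", "ssid": "C0rpNet", "channel": 6, "security": "Open"},
    {"bssid": "12:34:56:78:9a:bc", "ssid": "CoffeeShop", "channel": 3, "security": "WPA2-Personal"},
]

if __name__ == "__main__":
    for obs in SCAN:
        print(obs["bssid"], obs["ssid"], classify(obs) or "ok")
```

A twin that also matches the channel and security settings passes these checks, so the result is an indicator list rather than proof that a network is genuine.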


See also

* KARMA attack, a variant on the evil twin attack
* Snarfing
* Wireless LAN Security


External links

* Rogue AP software.