Wireless Attack: Evil Twin
Tags: cyber security, internet security
WiFi enabled devices have a little-known idiosyncrasy that can be exploited by hackers: they automatically reconnect to wireless networks they have successfully connected to before. The typical device saves the details about each wireless network in a profile. When the wireless adapter is enabled and not currently connected to a network, it attempts to reconnect to a network it successfully connected to previously. The wireless adapter does this by making a connection request to the networks for which it has a stored wireless network profile. This connection request includes the network’s name (i.e. SSID) and the base station’s MAC address.
Unfortunately, this convenience is also a problem. If a hacker happens to be listening in on the wireless network frequencies when your device attempts this auto-reconnection procedure, the hacker can learn the details of the original network. Once the network name and base station’s MAC address are known, the hacker can operate a false access point and impersonate the original network. By running a hacker tool known as Evil Twin, the process of collecting your connection requests and sending back false replies can be performed automatically.
To prevent this from happening to you, take the following steps:
1. Keep the wireless adapter off when not in active use.
2. Regularly purge the list of wireless network profiles. In Windows 7, this is done through the Network and Sharing Center by clicking on Manage Wireless Networks. In Windows 8, this is done by clicking on the wireless icon to show the list of available and remembered networks, then right-clicking on a network name and selecting Forget to delete it.
3. Be careful to look at the wireless network name you are connected to. If you are not at a location that should be offering a “known” network, then you could be under attack. DISCONNECT!
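Step 2 can also be done from a PowerShell prompt with the built-in `netsh wlan` commands. The script below is an added example, not part of the original article: it lists every saved profile, shows whether it reconnects automatically, and deletes the ones not on an allowlist. The `$Keep` list, its sample SSID and the `Get-Field` helper are assumptions made for illustration, and the parsing assumes English-language `netsh` output.

```powershell
# Added example: audit and purge saved Wi-Fi profiles (step 2 above).
# Assumptions: English-language netsh output; $Keep is a hypothetical allowlist.
param(
    [string[]]$Keep = @('HomeNetwork'),  # constructed sample SSID: networks you still use
    [switch]$Delete                      # without -Delete the script only reports
)

# Hypothetical helper: return the value of the first "Label : value" line, or 'unknown'.
function Get-Field($Lines, $Label) {
    $hit = $Lines | Select-String -Pattern "^\s*$Label\s*:\s(.+)$" | Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value.Trim() } else { 'unknown' }
}

# "netsh wlan show profiles" prints one line per saved profile:
#     All User Profile     : <name>
$names = @(netsh wlan show profiles |
    Select-String -Pattern 'Profile\s*:\s(.+)$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() })

foreach ($name in $names) {
    $detail = netsh wlan show profile name="$name"
    $mode   = Get-Field $detail 'Connection mode'   # e.g. "Connect automatically"
    $auth   = Get-Field $detail 'Authentication'    # e.g. "WPA2-Personal" or "Open"
    $stale  = $Keep -notcontains $name

    # Report every profile so auto-connecting entries are visible before anything is removed.
    '{0,-32} mode={1,-24} auth={2,-16} {3}' -f $name, $mode, $auth,
        $(if ($stale) { 'NOT IN ALLOWLIST' } else { 'keep' })

    # Remove the profile so the adapter stops asking for this network by name.
    if ($stale -and $Delete) {
        netsh wlan delete profile name="$name" | Out-Null
        "  deleted profile '$name'"
    }
}

if ($names.Count -eq 0) { 'No saved wireless profiles found.' }
```

Run it once without `-Delete` to review the report, then again with `-Delete` and your own `-Keep` list to purge the rest.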