Nowadays, we often use public Wi-Fi – in restaurants, malls, or other public places. But how safe is it? The evil twin attack is one very common threat that we need to consider before we use public Wi-Fi.
What is an evil twin?
An evil twin is a rogue Wi-Fi access point. It may look very similar to the legitimate one. But, it actually is a Wi-Fi access point controlled by attackers. Most of the time, it uses an SSID or Service Set Identifier that looks very similar to the legitimate one. Sometimes, it even provides a signal stronger than the legitimate one so that it can attract attention easily. But, it is actually controlled by attackers. So, any data traveled through that evil twin Wi-Fi access point can be intercepted by attackers.
The purpose of evil twin
Attackers make an evil twin mainly for stealing sensitive data or for other phishing attacks. If a victim connects to an evil twin, then non-HTTPS data of the victim can be easily intercepted as it travels through the attackers’ equipment. So, if the user logs in to an unprotected bank or email account, the attacker will have access to the entire transaction.
The victim may even be tricked with a login prompt of the attacker’s website and tempted to provide sensitive information like usernames and passwords. That may result in a phishing (What is phishing and how to prevent it ?) attack.
How is an evil twin created?
An evil twin can easily be created by an attacker with a smartphone or computer and with some easily available software. The attacker first places himself near a legitimate Wi-Fi hotspot and finds the SSID or Service Set Identifier and signal strength of the access point. Now, he sends his radio signal using the same or similar SSID. The attacker may even position himself near the potential victims so that his signal can lure the victims. Some attackers even use software to de-authenticate the victims from the legitimate Wi-Fi access point. So, when the victims connect back, they …
0 Comments