Evil Twin Attack is attack is frequently carried upon wireless access points with malicious intentions.
This attack happens when attackers exploits a fundamental issue with Wi-Fi, i.e., our Laptops, smartphones, and connected devices aren't equipped to distinguish between two radios broadcasting the same SSID name. This allows hackers to use malicious access points (APs) that eavesdrop on traffic, establish "man-in-the-middle" (MitM) positions, and extract sensitive information, often without leaving any traces behind.
In a normal Wi-Fi connection, a person's client device (upper image) associates with a legitimate AP. When an evil twin AP is present, a threat actor broadcasts the same SSID as the legitimate AP (and often the same BSSID or MAC address of the SSID) to fool the device into connecting (lower image).
What can you do to prevent Evil Twin AP attacks?
Businesses offering Wi-Fi to their employees and customers can use wireless intrusion prevention systems (WIPS) to detect the presence of an evil twin AP and prevent any managed corporate clients from connecting to them. You should also protect access points through the use of a Personal Security Key (PSK) and provide it to employees and customers.
End Users:
BUT for normal Wi-Fi users, an evil twin AP is nearly impossible to detect because the SSID appears legitimate and the attackers typically provide Internet service. In most cases, the best way to stay safe on unfamiliar Wi-Fi networks is to always use a VPN to encapsulate the Wi-Fi session in another layer of security. You can still follow these best practices:
-
Avoid public free WiFi access altogether.
-
Do not connect to open WiFi access points without verifying it as legitimate.
-
Disable to auto connect feature and promiscuous mode on all wireless devices.
-
Ask the establishment for the official name of their hotspot, and any security key if one exists. Intentionally type in the wrong key. Some evil twins will grant access to the hotspot no matter what key is entered.
-
Don’t log into any accounts on public Wi-Fi. This way, the hacker will not be able to steal your credentials and use them against you.
-
Avoid connecting to Wi-Fi hotspots that say ‘Unsecure,’ even if it has a familiar name.
-
Use 2-factor-authentication for all your sensitive accounts. This way, even if a hacker gets hold of your login credentials, they will still struggle to get into your accounts.
-
Learn to recognize social engineering attacks, phishing, and spoofed URLs.
-
Only visit HTTPs websites, especially when on open networks. HTTPs websites provide end-to-end encryption, making it difficult or impossible for hackers to see what you do when you visit them.
-
Don’t dismiss your device's notifications, especially if you were kicked off the network and you’re connecting to what you think is a known Wi-Fi network. If your device recognizes it as a new network, don’t ignore it!
-
Don’t autosave Wi-Fi on your device because when it’s not connected to your home or office networks, it will transmit so-called probes. They can give out a lot of information about you, including your home address. Hackers can sniff this information and pretend to be your home network.
-
Use a VPN whenever you connect to a public hotspot. It will encrypt your traffic before it leaves your device, making sure that no one sniffing the traffic can see your browsing behaviors.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM