Don’t be Fooled by Imitations: Protect your Data from Evil Twin Attacks#

Wireless access to the internet has grown and evolved over the years with advances in technology. Free, easily accessible WiFi networks are available in public places such as coffee shops, hotel lobbies, airports and shopping malls. People naturally connect to these networks to check their email, browse the internet or perform other tasks. However, a public WiFi network, much like any other publicly available service, is not necessarily secure and carries its own risks.

When a person uses a public WiFi network, they expose both their device and the information exchanged over that network to malicious parties. This puts anyone connecting to such a network at risk of a range of wireless attacks. Person-in-the-middle attacks are the most common technique attackers use to get hold of sensitive information: the attacker intercepts data exchanged between two legitimate nodes and reuses it to cause further harm. One form of person-in-the-middle attack, using a fake access point in a WiFi network, is the Evil Twin attack. When you connect to a WiFi network that is made available to the public, an attacker can use this technique to eavesdrop on your network traffic. This article explains the evil twin attack and its stages, as well as the preventive measures you can take to safeguard yourself against it.

What is an Evil Twin Attack?#

An Evil Twin attack is a spoofing-based person-in-the-middle attack in which the attacker sets up a fake access point that imitates a trusted network. In this way the attacker deceives users into connecting to the attacker’s access point rather than the genuine one. The attacker is then able to view or intercept the user’s network traffic, compromising sensitive data such as login credentials, credit or debit card details, and many other types of information.

The main goal of an evil twin attack is information gathering. The attacker builds an evil twin of an existing WiFi network to trick users into disclosing valuable information. By copying the SSID (Service Set Identifier, the network name) and often the BSSID (the MAC address of the legitimate access point), the evil twin closely mimics the original network. When users connect to it, all of the data they exchange with the network passes through an access point and gateway under the attacker’s control. Using freely available software tools, an attacker can set up an evil twin network with little effort. Evil twin attacks are becoming more common on unsecured WiFi networks, which puts sensitive, private or confidential information at serious risk. Client devices identify a network by its name and security type rather than by a particular access point, so two networks with the same name look identical to them, and most devices simply join whichever one has the strongest signal; this is why the attack is so successful.

The Different stages involved in an Evil Twin Attack#

The evil twin attack is similar to a phishing attack in that it misleads people into connecting to the attacker’s hotspot by making it appear to be a legitimate wireless network. The following are the stages that are involved in this attack:

1. Setting up a fake access point:#

This is the very first step in an Evil Twin attack. The attacker first picks a public location with multiple hotspots or access points, such as a cafe, library or airport. Such places commonly have several access points broadcasting the same network name, which allows the attacker’s activities to go unnoticed.

After choosing a location, the attacker sets up the fake access point: a hotspot with the same SSID as the legitimate network and, often, the same BSSID (the legitimate access point’s MAC address). The attacker can use a variety of hardware for this, such as a router, laptop, mobile phone or tablet, or in some cases a dedicated device such as the WiFi Pineapple. A WiFi Pineapple is a portable device that attackers can use to collect sensitive personal information from unsuspecting users on public WiFi networks. The same device is used by network security testers to execute sophisticated attacks against public WiFi networks in order to see how the attacks work and how to protect the network against them. The Pineapple has multiple antennas to cover a greater range and can interact with a large number of client devices at the same time, rather than just a few.

2. Creating a Fake Captive Portal:#

A captive portal is a web page commonly used on publicly accessible wireless networks. Its purpose is to inform users of the conditions of using the network and to make them aware of their liabilities, for example that they are responsible for their own actions, so that the operator avoids legal exposure. Users are required to view the captive portal and to enter a password or other basic login information before being granted access to the network.

A clever attacker can craft a replica of such a captive portal that looks very similar to the one used by the legitimate network, which makes it very hard for a victim to tell the fake and the legitimate portal apart. The attacker uses the fake portal to capture whatever the user types into it. Once the attacker has these credentials, they can use them to join the legitimate network and, because people frequently reuse passwords, often to log in to the victim’s other accounts as well. Some public WiFi networks are open and do not use a captive portal at all; in that case the attacker skips this step and moves on to the next one.

3. Tricking the victim into connecting to the attacker’s Evil Twin Access point:#

Once the access point and the captive portal are in place, the attacker takes steps to lure users onto the evil twin instead of the legitimate network. One technique is simply to move closer to the victims so that the evil twin produces a stronger signal; devices then prefer the evil twin, since it appears to be the same network with a better connection. Another technique is to knock users off the legitimate network with a denial-of-service attack, typically by transmitting forged 802.11 deauthentication frames to its clients. The disconnected devices then reconnect to the strongest access point advertising that network name, which is the evil twin. Note that networks using WPA3 or Protected Management Frames (802.11w) authenticate deauthentication frames and are far more resistant to this trick.

4. Stealing the user’s information:#

Now that the victim is connected to the evil twin, the attacker can easily observe the victim’s network activity and steal sensitive data. The attacker can keep track of everything the victim does, including signing in to accounts, reading and sending business email and browsing social media. Anything sent without encryption is visible in full; for encrypted (HTTPS) connections the attacker still sees which sites are visited and may try to downgrade or intercept the connection, for example by presenting a fake login page. If the user logs in to something sensitive such as a bank account, the attacker can capture the login information and save it for later use.

Impact of the Evil twin attack#

An Evil Twin attack can seriously compromise the security and privacy of the victim’s sensitive information, and of any information the victim has access to. It also greatly increases the likelihood that the victim’s device itself will be compromised, for example if the attacker uses the position in the middle to deliver malware. With malware installed, the attacker can monitor the victim, set up a back door for remote access to the device, encrypt sensitive files on the computer, and much more. Let us consider some examples to understand the impact of the attack.

For instance, suppose a user regularly visits a coffee house close to home and habitually connects to its WiFi network to access the internet. Since there have never been any issues with this network in the past, the user has no reservations about connecting to it. Now assume that an attacker deploys an evil twin access point there and, using the methods described above, deceives the user into joining it. If the user then logs in to a bank account to carry out a transaction, the attacker can steal the login and account details, and with that information can commit further fraud, such as moving the user’s funds to an account the attacker controls.

Another example is an employee connecting to the company’s network over the internet while unknowingly using the attacker’s evil twin. If the device lacks protective controls, such as a VPN that encrypts all traffic to the company network, the attacker can intercept and read any sensitive or confidential company information the employee accesses during that session, and the security of that information is compromised.

How can you protect yourself from the Evil Twin attack?#

To protect themselves from the Evil Twin attack, individual users can adopt the precautions described in this section, and organizations can require them of employees who log in to the company network over the internet. These preventive measures are listed below:

Avoid connecting to Unsecure WiFi Networks#

This is the most straightforward way to safeguard yourself or your employees from an Evil Twin attack. Networks that your device labels as “Unsecured” or “Open” use no encryption at all, so anything sent over them can be read by anyone nearby, and an attacker can clone them without needing to know any password. Users should refrain from joining such public networks for this reason. In addition to other security measures, a company should inform its employees of the risks of accessing the company network over public hotspots.

Use your own hotspot#

A very good alternative to using public hotspots is to use your own. With a personal hotspot (for example, tethering to your phone’s mobile data), the user or employee bypasses local WiFi hotspots altogether, avoiding fake access points and keeping sensitive information from being stolen. The user should protect the hotspot with WPA2 or WPA3 and a strong passphrase so that nobody else can join it.

Never ignore your device security warnings#

When a user tries to connect to a WiFi network, the device will occasionally issue a security warning about the risks of connecting to that network, for example that the network is open, that its security settings have changed, or that a website’s certificate cannot be verified. People who are not tech savvy or security aware may simply dismiss these warnings. That careless behaviour is exactly what an attacker relies on to carry out the attack successfully.

Disable Auto-connect on your device#

When a user connects to a wireless network, the device usually remembers that network. If the user later returns to the same place and auto-connect is enabled, the device reconnects automatically without asking. Because the device recognises a saved network by its name, it will happily rejoin any open network broadcasting that name, including an evil twin; this applies even if you have never connected to the evil twin itself before. It is therefore important to disable auto-connect for public networks, and to remove saved open networks you no longer need, so that you explicitly approve or reject each connection to a public hotspot.

Use multi-factor authentication#

Users should enable multi-factor or two-factor authentication on their accounts. Multi-factor authentication requires an additional credential, such as an OTP (one-time password), in addition to the user’s password before access is granted. It does not stop a password from being captured on an evil twin network, but it greatly limits what the attacker can do with a stolen password on its own. Be aware that a fake captive portal or login page can also ask for the OTP and relay it to the real site within its validity window, so phishing-resistant methods such as FIDO2/WebAuthn security keys, which bind the login to the legitimate site, offer much stronger protection than OTP codes.

Avoid performing sensitive tasks online#

One of the ways that the users can protect themselves from the evil twin attack is to avoid performing any sensitive tasks such as logging into their accounts, carrying out online financial transactions, accessing sensitive company information, sending important emails, and much more while they are accessing the internet using public networks. Attackers can only access this information as long as you are using their evil twin network. Avoiding any tasks that risk the exposure of sensitive information while you are using public Wifi networks can prevent this information from being exposed, stolen, or compromised.

Only visit HTTPS Websites#

Only use HTTPS to access websites, particularly while connected to open or public networks. HTTPS (Hypertext Transfer Protocol Secure) protects the confidentiality and integrity of data exchanged between a user’s browser and a website by encrypting it in transit. An attacker on an evil twin network cannot read the contents of an HTTPS session, but can still see which sites you visit, because DNS lookups and the server name sent at the start of the TLS handshake (SNI) travel in the clear, and may try to downgrade the connection to plain HTTP or present a forged certificate. So look for the padlock on every page, never click through a certificate warning on a public network, and prefer sites and browser settings that enforce HTTPS only (HSTS).
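The following added example (not code from the original article) makes the caveat above concrete: it builds a minimal TLS ClientHello for a hostname and then parses it the way a passive sniffer on the evil twin would, pulling the server name out of the unencrypted SNI extension. The builder is a constructed stand-in for a browser’s real ClientHello and only includes the fields needed to reach the extensions.

```python
"""Added example: what an on-path attacker still learns from an HTTPS
connection. The request and response are encrypted, but the ClientHello that
opens the TLS handshake carries the server name (SNI) in plaintext."""
import os
import struct

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(hostname: str, with_sni: bool = True) -> bytes:
    """Constructed TLS 1.2-style ClientHello record: one cipher suite, no
    compression, and (optionally) a server_name extension."""
    extensions = b""
    if with_sni:
        name = hostname.encode("idna")
        entry = b"\x00" + struct.pack(">H", len(name)) + name     # name_type 0 = host_name
        server_name_list = struct.pack(">H", len(entry)) + entry
        extensions += struct.pack(">HH", EXT_SERVER_NAME, len(server_name_list)) + server_name_list
    body = (
        b"\x03\x03"                                  # client_version: TLS 1.2
        + os.urandom(32)                             # client random
        + b"\x00"                                    # empty session_id
        + struct.pack(">H", 2) + b"\xc0\x2f"         # one cipher suite (ECDHE-RSA-AES128-GCM-SHA256)
        + b"\x01\x00"                                # compression_methods: null only
        + (struct.pack(">H", len(extensions)) + extensions if extensions else b"")
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the SNI hostname from a TLS ClientHello record, or None if the
    bytes are not a well-formed ClientHello carrying a host_name entry."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return None
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        return None                                   # truncated capture
    pos = 2 + 32                                      # skip version and random
    try:
        sid_len = body[pos]; pos += 1 + sid_len
        cs_len = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2 + cs_len
        cm_len = body[pos]; pos += 1 + cm_len
        if pos + 2 > len(body):
            return None                               # no extensions block at all
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, length = struct.unpack(">HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + length]; pos += length
            if ext_type == EXT_SERVER_NAME and len(data) >= 5:
                # server_name_list: [list_len:2][name_type:1][name_len:2][name]
                name_type = data[2]
                name_len = struct.unpack(">H", data[3:5])[0]
                if name_type == 0 and len(data) >= 5 + name_len:
                    return data[5:5 + name_len].decode("ascii")
    except (IndexError, struct.error):
        return None
    return None


if __name__ == "__main__":
    hello = build_client_hello("bank.example.com")    # constructed hostname
    print("attacker sees SNI:", extract_sni(hello))
```

Encrypted Client Hello (ECH) is designed to close this gap, but it is not yet universally deployed, so a VPN remains the practical way to hide destinations from whoever runs the access point.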

Use VPN (Virtual Private Network)#

A Virtual Private Network (VPN) creates a private tunnel over a public network such as the internet. It protects the security and privacy of the user’s traffic by encrypting it before it leaves the device and sending it through the tunnel to the VPN server. Encryption converts readable data (plaintext) into an encrypted form using a key, and that data cannot be understood by outsiders unless it is decrypted with the corresponding key. Even if an attacker intercepts the user’s traffic on an evil twin network, they see only encrypted packets destined for the VPN server and cannot read or tamper with the contents. Make sure the VPN client is configured to start automatically and to block traffic if the tunnel drops (often called a “kill switch”), since the moments before the tunnel is established, including any captive portal login, are exactly when an evil twin can observe you.

Employ Wireless Intrusion Prevention Systems#

Wireless Intrusion Prevention Systems (WIPS) are a tool that organizations can use to thwart evil twin attacks. A WIPS continuously scans the radio spectrum around the organization’s premises using dedicated sensors or the access points themselves, compares every access point it sees against an inventory of authorized ones, and reports (and in some products actively contains) any rogue access point that advertises the organization’s network name from an unknown BSSID or with weaker security than the real network.
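As an added example of the detection logic such a system applies (written for this article, not taken from any WIPS product), the script below runs three checks over a constructed scan capture in the CSV layout produced by airodump-ng: the organization’s SSID advertised by a BSSID outside its inventory, the same SSID offered both open and encrypted, and look-alike network names. The same checks also describe what the attacker’s setup in stage 1 looks like from the defender’s side. The inventory, SSIDs, MAC addresses and the capture itself are all made up.

```python
"""Added example: minimal evil-twin detector over airodump-ng style CSV output.
All network names, BSSIDs and the scan capture are constructed for the demo."""
import csv
import io
import re
from collections import defaultdict

# Constructed inventory: each organisation SSID and the BSSIDs of its real APs.
AUTHORIZED = {
    "Contoso-Guest": {"A4:2B:8C:11:22:01", "A4:2B:8C:11:22:02"},
    "Contoso-Corp": {"A4:2B:8C:11:22:01", "A4:2B:8C:11:22:02"},
}

# Constructed capture (airodump-ng CSV, access-point section only).
SAMPLE_SCAN = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
A4:2B:8C:11:22:01, 2024-01-10 09:00:01, 2024-01-10 09:05:00,  6,  54, WPA2, CCMP, PSK, -61,  120,    0,   0.  0.  0.  0,  13, Contoso-Guest, 
A4:2B:8C:11:22:02, 2024-01-10 09:00:01, 2024-01-10 09:05:00, 11,  54, WPA2, CCMP, PSK, -70,  118,    0,   0.  0.  0.  0,  12, Contoso-Corp, 
02:00:5E:7A:DE:AD, 2024-01-10 09:02:10, 2024-01-10 09:05:00,  6,  54, OPN,     ,    , -35,  300,    0,   0.  0.  0.  0,  13, Contoso-Guest, 
02:00:5E:7A:BE:EF, 2024-01-10 09:02:30, 2024-01-10 09:05:00,  1,  54, WPA2, CCMP, PSK, -40,  210,    0,   0.  0.  0.  0,  13, Contoso_Guest, 
C0:FF:EE:00:00:01, 2024-01-10 09:00:01, 2024-01-10 09:05:00,  1,  54, WPA2, CCMP, PSK, -80,  100,    0,   0.  0.  0.  0,   9, HotelWiFi, 
"""


def parse_airodump_csv(text: str) -> list:
    """Parse the AP section of an airodump-ng CSV into a list of dicts."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    header, rows = None, []
    for fields in reader:
        if not fields or not fields[0]:
            continue
        if fields[0] == "BSSID":
            header = [f.strip() for f in fields]
            continue
        if fields[0] == "Station MAC":          # client section follows; not needed
            break
        if header is None or len(fields) < len(header):
            continue
        row = dict(zip(header, (f.strip() for f in fields)))
        rows.append({
            "bssid": row["BSSID"].upper(),
            "channel": int(row["channel"]),
            "privacy": row["Privacy"] or "OPN",
            "power": int(row["Power"]),
            "ssid": row["ESSID"],
        })
    return rows


def normalize(ssid: str) -> str:
    """Collapse case and punctuation so 'Contoso_Guest' matches 'Contoso-Guest'."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())


def detect_evil_twins(observations: list, authorized: dict) -> list:
    """Return a list of alert dicts for suspicious access points."""
    alerts = []
    security_by_ssid = defaultdict(set)
    for ap in observations:
        security_by_ssid[ap["ssid"]].add("OPN" if ap["privacy"] == "OPN" else "ENC")
    norm_trusted = {normalize(s) for s in authorized}
    for ap in observations:
        ssid, bssid = ap["ssid"], ap["bssid"]
        base = {"bssid": bssid, "ssid": ssid, "channel": ap["channel"], "power": ap["power"]}
        if ssid in authorized and bssid not in authorized[ssid]:
            # Our network name, but not one of our radios: classic evil twin.
            alerts.append({"rule": "UNAUTHORIZED_BSSID", **base})
        elif ssid not in authorized and normalize(ssid) in norm_trusted:
            # Near-identical name designed to be mistaken for ours.
            alerts.append({"rule": "LOOKALIKE_SSID", **base})
    for ssid, kinds in security_by_ssid.items():
        if kinds == {"OPN", "ENC"}:
            # Same name offered open and encrypted: someone is cloning it without the key.
            alerts.append({"rule": "MIXED_SECURITY", "bssid": None, "ssid": ssid,
                           "channel": None, "power": None})
    return alerts


if __name__ == "__main__":
    for alert in detect_evil_twins(parse_airodump_csv(SAMPLE_SCAN), AUTHORIZED):
        print(alert)
```

In a real deployment the inventory would come from the WLAN controller and the scan from the sensors; adding a signal-strength rule (an unknown BSSID carrying your SSID at a much stronger level than your own radios) is the natural next refinement.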
