The Evil Twin attack is commonly carried out against wireless access points.
This attack occurs when an attacker takes advantage of a fundamental flaw in Wi-Fi, namely that our laptops, cellphones, and other connected devices are unable to distinguish between two radios broadcasting the identical SSID. This enables hackers to use malicious Access Points (APs) to eavesdrop on traffic, create “man-in-the-middle” (MitM) positions, and collect sensitive data, all while leaving no trace.
In a standard Wi-Fi connection, a person’s client device connects to a legitimate Access Point (upper image). When an Evil Twin Access Point is present, a threat actor broadcasts the same SSID (and, in many cases, the same BSSID, that is, the MAC address of the AP radio) as the legitimate AP to trick the device into connecting (lower image).
What can you do to avoid Evil Twin AP attacks?
Wireless intrusion prevention systems (WIPS) can detect the presence of an evil twin AP and prevent managed corporate clients from connecting to it. You should also use a Pre-Shared Key (PSK) to protect access points and make the key available to employees and customers.
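The kind of check a WIPS applies can be illustrated with the following added example, which is not part of the original article. It compares scan results against an inventory of authorized APs and also catches the cloned-BSSID case described above; the SSID "CorpWiFi", the MAC addresses, the inventory format and the function name are all assumptions constructed for illustration.

```python
# Added example: flag likely evil twin APs in Wi-Fi scan results.
# All names, SSIDs and MAC addresses below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # MAC address of the AP radio
    channel: int
    security: str  # e.g. "WPA2-PSK" or "OPEN"


# Assumed inventory of authorized APs, keyed by lower-case BSSID.
AUTHORIZED = {
    "02:00:00:aa:bb:01": Beacon("CorpWiFi", "02:00:00:aa:bb:01", 1, "WPA2-PSK"),
    "02:00:00:aa:bb:02": Beacon("CorpWiFi", "02:00:00:aa:bb:02", 6, "WPA2-PSK"),
}
PROTECTED_SSIDS = {ap.ssid for ap in AUTHORIZED.values()}


def find_suspects(scan):
    """Return (beacon, reason) pairs for beacons imitating a protected SSID."""
    suspects = []
    for seen in scan:
        if seen.ssid not in PROTECTED_SSIDS:
            continue  # unrelated neighbouring network
        known = AUTHORIZED.get(seen.bssid.lower())
        if known is None:
            suspects.append((seen, "unknown BSSID advertising protected SSID"))
        elif seen.security != known.security:
            suspects.append((seen, "known BSSID with changed security"))
        elif seen.channel != known.channel:
            # A cloned BSSID often shows up on a channel the real AP does not use.
            suspects.append((seen, "known BSSID on unexpected channel"))
    return suspects


# Constructed scan results.
SCAN = [
    Beacon("CorpWiFi", "02:00:00:aa:bb:01", 1, "WPA2-PSK"),    # matches inventory
    Beacon("CorpWiFi", "02:00:00:AA:BB:02", 11, "WPA2-PSK"),   # cloned BSSID
    Beacon("CorpWiFi", "02:00:00:cc:dd:09", 6, "OPEN"),        # same SSID, new radio
    Beacon("CoffeeShop", "02:00:00:ee:ff:10", 6, "OPEN"),      # not a protected SSID
]

if __name__ == "__main__":
    for beacon, reason in find_suspects(SCAN):
        print(f"{beacon.ssid} {beacon.bssid} ch{beacon.channel}: {reason}")
```

On networks where APs pick channels automatically, a channel mismatch alone is a weaker signal and should be correlated with signal strength or location before acting on it.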
However, because the SSID appears legitimate and the attackers typically provide Internet service, an evil twin AP is nearly impossible to detect for ordinary Wi-Fi users. In most cases, using a VPN to encapsulate the Wi-Fi session in another layer of security is the best way to stay safe on unfamiliar Wi-Fi networks. The following best practices still apply:
- Avoid using public free Wi-Fi at all costs.
- Never connect to an open Wi-Fi access point without first confirming that it is legitimate.
- On all wireless devices, disable the auto connect feature and promiscuous mode.
- Inquire about the official name of the establishment’s hotspot, as well as any security keys that may be available. Then deliberately enter the wrong key first: some evil twins will grant access to the hotspot no matter what key is entered.
- Don’t use public Wi-Fi to log into any accounts. That way, the hacker will be unable to steal your credentials and use them against you.
- Don’t connect to Wi-Fi hotspots that say ‘Unsecure,’ even if the name sounds familiar.