Users of Wi-Fi access points in cafes, airports and other public venues have been warned that “Evil Twin” attacks are on the rise by the president of the UK branch of the Information Systems Security Association, Phil Cracknell.

How the Evil Twin attack works is that a hacker sets up their own wireless access point in parallel to the access point offered by the venue. The Evil Twin network may have a name that is deceptively similar to the name used by the venue’s network.

When users attempt to login to the venue’s Wi-Fi network, they instead login to the hacker’s network. This allows the hacker to monitor network traffic and decode packets to obtain clear text login details and other confidential information. Some web-based email accounts are vulnerable to this kind of attack.

“You are going to harvest some incredible information in a short span of time with a rogue hot spot,” Cracknell told the IDG News Service.

Cracknell said that this kind of attack is far easier to engineer than phishing, and that it is far harder to trace since the network can be turned off in an instant.

For all you know, the hacker running the Evil Twin network could be that harmless-looking middle-aged nerd sitting at the next table browsing TECH.BLORGE.com.

Banking details and other information that is encrypted before it is sent should be safe from this kind of attack, since only clear text information can be easily intercepted. Corporate users using a virtual private network (VPN) should also be protected from this kind of attack.

Cracknell advises consumers to be careful when using free wireless hotspots, noting that many airports and cafes usually charge for the service.

Related:

Entry was posted on Wednesday, April 25th, 2007 at 11:48 am under Security.

Read more entries by John Pospisil.
Stumble It!