‘Evil Twins’ Wi-Fi threat
p2pnet.net News:- ‘Evil Twin’ hotspots are the new security menace to web users, say researchers at Britain’s Cranfield University, an academic partner of the UK Defence Academy.
“Given the spread and popularity of wireless internet networks – which, according to data research company IDC, is predicted to increase from 7,800 to nearly 22,000 by 2008 – users need to be wary of using their Wi-Fi enabled laptops or other portable devices to conduct financial transactions or anything of a sensitive or personal nature, for fear of disclosing this information to an unauthorised third party,” declares professor Brian Collins, head of the university’s information systems department.
“Web users who use Wi-Fi networks should be on their guard against this type of cyber crime,” says Cranfield Wi-Fi and cyber-crime expert Dr Phil Nobles.
“In essence, users think they’ve logged on to a wireless hotspot connection when, in fact, they’ve been tricked to connect to the attacker’s unauthorised base station,” he says.
“The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client – thereby turning itself into an ‘Evil Twin’. ”
“Once the user is connected to the ‘Evil Twin’, the cyber criminal can intercept data being transmitted, such as bank details or personal information.”
Nor do crooks have to be that clever to carry out such an attack, Nobles states.
Because wireless networks are based on radio signals, they can be easily detected by unauthorised users tuning into the same frequency.
Unwitting web users are invited to log in to the attacker’s server with bogus login prompts and can pass sensitive data such as user names and passwords which can then be used by unauthorised third parties, says Noble, going on:
“This type of cyber crime goes largely undetected because users are unaware that this is taking place until well after the incident has occurred.”
Attacks can also take the form of degrading the performance of the client network or a complete denial of service, he states.
“The attacker can get the victim’s network to collude in the attack so that the degradation in network performance is less likely to be detected.
Collins says users can also protect themselves by making sure their Wi-Fi device has its security measures activated, adding, “In the vast majority of cases, base stations taken out of the box direct from the manufacturer are configured in the least secure mode possible.”
Something you think we should know about? tips[at]p2pnet.net
===================
See:-
tricked -‘EVIL TWIN’ HOTSPOTS ARE A NEW MENACE FOR INTERNET USERS, WARNS CRANFIELD UNIVERSITY, Cranfield University, January 14, 2005
