It is the age of wireless technologies, and modern devices around the globe use them to communicate with each other. Wireless technologies have made life much easier, as they let people perform their tasks from any place they want and talk to others located in far-off places. But like everything else, wireless technologies have a bad side along with their benefits. Cyber-criminals can use wireless technologies to their advantage and attack people. This blog talks about a particular type of cyber-attack, called an Evil Twin attack, that attackers can use to steal victims’ sensitive information and cause a lot of damage.
Wireless access points are the devices that can be used to connect host devices to a specific local area network or the internet. Different wireless access points use different authentication mechanisms in order to authenticate a wireless device and let it connect to the access point. The authentication protocols used on the access points can be chosen according to one’s needs. Wireless access points are used within millions of people’s homes, and they are also used within several organizations so that the wireless devices being used within the organization can connect to the organization’s network.
Now, imagine if these wireless access points, which have become an integral part of almost all networks, are targeted by cyber-criminals and are taken advantage of to orchestrate a cyber-attack. The Evil Twin attack is created around the idea of compromised wireless access points. In this type of cyber-attack, malicious actors use rogue wireless access points to steal victims’ important and sensitive information. Attackers create an exact copy of an already existing wireless access point, and then lure the victim devices to connect to the fake access point created by the attackers. After the victim devices connect to the fake access point, the hackers start to intercept all the network traffic flowing through the fake access point and perform various man-in-the-middle (MITM) attacks. They use specialized software with which they can sniff network traffic. By sniffing traffic, attackers can read and steal sensitive information being transmitted over the network. The adversaries can also eavesdrop on any communication happening between two or more parties, and steal their messages.
Evil Twin attacks can also be used by threat actors to steal any user credentials transmitted over the network. The credentials could be for a website that users want to log in to, such as social media websites, online banking accounts, or trading websites, or they could be for a VPN service that an employee is trying to use to connect to their organization’s internal network. Evil Twin attacks can be highly devastating when attackers carry them out successfully. Threat actors could also create rogue wireless access points in public places, such as hospitals, hotels, restaurants, and airports, and when unsuspecting users connect to the rogue access points, the attackers could steal all their information as well.
Evil Twin attacks are a difficult problem to deal with because it can be very hard to detect the presence of a rogue access point at all. Most of the time, threat actors hide them in the most inconspicuous of places, where nobody would be able to discover them. Attackers can also have a rogue access point set up inside a vehicle in which they are sitting, or they could attach it to a remote-controlled toy, such as a flying drone, and make it reach places that no person can reach.
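A defensive check for the copied access point described above, as an added example that is not part of the original blog: it compares Wi-Fi scan results against an inventory of authorized access points and flags entries that advertise a protected network name without matching the inventory. The network names, MAC addresses, channels, scan records and inventory format are all constructed assumptions.

```python
# Added example: flag possible evil twins in Wi-Fi scan results.
# Assumed inventory of authorized access points (constructed values):
# network name (SSID) -> {radio MAC (BSSID): (channel, security)}
AUTHORIZED = {
    "CorpWiFi": {
        "02:00:00:00:00:01": (1, "WPA2-Enterprise"),
        "02:00:00:00:00:02": (11, "WPA2-Enterprise"),
    },
}

# Constructed scan records, shaped like the output of a site survey.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:01", "channel": 1, "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:02", "channel": 11, "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:99", "channel": 6, "security": "Open"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:01", "channel": 6, "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:02", "channel": 11, "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:00:AA", "channel": 3, "security": "Open"},
]


def find_suspects(scan, authorized):
    """Return (bssid, reason) for each record that claims a protected
    network name but does not match the authorized inventory."""
    findings = []
    for ap in scan:
        known = authorized.get(ap["ssid"])
        if known is None:
            continue  # not a network name we are responsible for
        bssid = ap["bssid"].lower()
        if bssid not in known:
            # Same name, radio we never deployed.
            findings.append((bssid, "unknown-bssid"))
            continue
        channel, security = known[bssid]
        if ap["security"] != security:
            # Copied MAC but weaker or different authentication.
            findings.append((bssid, "security-mismatch"))
        elif ap["channel"] != channel:
            # Copied MAC seen where the real radio does not transmit.
            findings.append((bssid, "channel-mismatch"))
    return findings


if __name__ == "__main__":
    for bssid, reason in find_suspects(SCAN, AUTHORIZED):
        print(f"ALERT {bssid}: {reason}")
```

A copy that also matches the MAC address, channel and security setting of an inventoried access point passes this check, which is one reason these attacks are hard to detect from scan data alone.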