Hackers Snatch Data From Bogus Wireless Access Points - InformationWeek


Security researchers warn against a hacking technique in which scammers set up a bogus wireless access point near a legitimate base station that they then jam.

An "Evil Twin" that hijacks unsuspecting wireless transmissions is the latest security bugaboo, academic researchers in the U.K. asserted Thursday. But the idea is anything but fresh.

The hacking technique is dubbed "Evil Twin" because scammers set up a bogus wireless access point near a legitimate base station that they then jam. Users within range of the sham access point connect to it thinking that it's a real link to the Net. All the time, however, the information transmitted over the wireless connection is being intercepted by the hackers, who look for passwords, usernames, financial account log-in information, or other confidential data.

Think of it as one big key logger and you get the idea.

"So-called 'Evil Twin' hotspots present a hidden danger for Web users," said Phil Nobles, a wireless and cybercrime expert at Cranfield University in Bedfordshire.

"Users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorized base station," said Nobles in a statement. "The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client " thereby turning itself into an 'Evil Twin'."

The technique could be potent where public hotspots are in play, such as those offering connections in coffee shops or airports. Public access points typically don't accept encrypted traffic, so users are accustomed to transmitting "in the clear."

"Cyber criminals don't have to be that clever to carry out such an attack," added Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."

Since it happens more or less transparently, users often have no clue they've been duped -- and identities or information compromised -- until long after the fact.

Professor Brian Collins, the head of the information systems department at Cranfield University, chimed in. "Web users who use Wi-Fi networks should be on their guard against this type of cyber crime," he said in an accompanying statement prior to a presentation Thursday evening at London's Dana Center, a science and technology discussion forum. "Given the spread and popularity of wireless, users need to be wary of using their Wi-Fi enabled laptops or other portable devices to conduct financial transactions or anything of a sensitive or personal nature, for fear of disclosing this information to an unauthorized third party," added Collins.

While the U.K. researchers pressed for users to activate security options in their wireless client to protect themselves, the idea of 'Evil Twin' turns out to be not all that new.

Internet Security Systems, for instance, published a wireless FAQ over two years ago that mentions this threat (as well as a host of others).

ISS dubbed the threat "BaseStation Clone (Evil Twin)," and said it could occur when "an attacker tricks legitimate wireless clients to connect to the attacker's honeypot network by placing an unauthorized base station with a stronger signal within close proximity of the wireless clients that mimic a legitimate base station. This may cause unaware users to attempt to log into the attacker's honeypot servers. With false login prompts, the user unknowingly can give away sensitive data like passwords."
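One way a network operator could check scan data for the clone behaviour ISS describes, as an added example that is not from the article or from ISS: it flags beacons that reuse a known network name from a base station outside an assumed inventory. The scan records, `KNOWN_APS`, `KNOWN_SECURITY` and `find_suspect_twins` are all constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (not real captures): one record per beacon heard.
SCAN = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:aa:bb:01", "signal_dbm": -67, "security": "open"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:de:ad:99", "signal_dbm": -38, "security": "open"},
    {"ssid": "CorpNet", "bssid": "02:00:00:cc:dd:01", "signal_dbm": -60, "security": "wpa2"},
    {"ssid": "CorpNet", "bssid": "02:00:00:cc:dd:02", "signal_dbm": -72, "security": "wpa2"},
    {"ssid": "CorpNet", "bssid": "02:00:00:ee:ff:77", "signal_dbm": -41, "security": "open"},
]

# Assumed inventory of the operator's own access points (hypothetical values).
KNOWN_APS = {
    "CoffeeShop-WiFi": {"02:00:00:aa:bb:01"},
    "CorpNet": {"02:00:00:cc:dd:01", "02:00:00:cc:dd:02"},
}
KNOWN_SECURITY = {"CoffeeShop-WiFi": "open", "CorpNet": "wpa2"}

def find_suspect_twins(scan, known_aps, known_security):
    """Flag beacons that advertise a known SSID from a BSSID not in inventory."""
    by_ssid = defaultdict(list)
    for beacon in scan:
        by_ssid[beacon["ssid"]].append(beacon)
    findings = []
    for ssid, beacons in by_ssid.items():
        if ssid not in known_aps:
            continue  # not a network we operate; nothing to compare against
        legit = [b for b in beacons if b["bssid"].lower() in known_aps[ssid]]
        strongest_legit = max((b["signal_dbm"] for b in legit), default=None)
        for b in beacons:
            if b["bssid"].lower() in known_aps[ssid]:
                continue
            reasons = ["unknown BSSID advertising known SSID"]
            if strongest_legit is None:
                # Matches the jamming case: the real base station is not heard.
                reasons.append("no known AP for this SSID currently heard")
            elif b["signal_dbm"] > strongest_legit:
                reasons.append("stronger signal than every known AP")
            if b["security"] != known_security[ssid]:
                reasons.append("security differs from expected " + known_security[ssid])
            findings.append({"ssid": ssid, "bssid": b["bssid"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspect_twins(SCAN, KNOWN_APS, KNOWN_SECURITY):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```

A BSSID can be copied as easily as a network name, so a clean result from this inventory check does not prove that no clone is present.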
