Hackers Snatch Data From Bogus Wireless Access Points - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
1/20/2005
02:13 PM
50%
50%

Hackers Snatch Data From Bogus Wireless Access Points

Security researchers warn against a hacking technique in which scammers set up a bogus wireless access point near a legitimate base station that they then jam.

An "Evil Twin" that hijacks unsuspecting wireless transmissions is the latest security bugaboo, academic researchers in the U.K. asserted Thursday. But the idea is anything but fresh.

The hacking technique is dubbed "Evil Twin" because scammers set up a bogus wireless access point near a legitimate base station that they then jam. Users within range of the sham access point connect to it thinking that it's a real link to the Net. All the time, however, the information transmitted over the wireless connection is being intercepted by the hackers, who look for passwords, usernames, financial account log-in information, or other confidential data.

Think of it as one big key logger and you get the idea.

"So-called 'Evil Twin' hotspots present a hidden danger for Web users," said Phil Nobles, a wireless and cybercrime expert at Cranfield University in Bedfordshire.

"Users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorized base station," said Nobles in a statement. "The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client " thereby turning itself into an 'Evil Twin'."

The technique could be potent where public hotspots are in play, such as those offering connections in coffee shops or airports. Public access points typically don't accept encrypted traffic, so users are accustomed to transmitting "in the clear."

"Cyber criminals don't have to be that clever to carry out such an attack," added Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."

Since it happens more or less transparently, users often have no clue they've been duped -- and identities or information compromised -- until long after the fact.

Professor Brian Collins, the head of the information systems department at Cranfield University, chimed in. "Web users who use Wi-Fi networks should be on their guard against this type of cyber crime," he said in an accompanying statement prior to a presentation Thursday evening at London's Dana Center, a science and technology discussion forum. "Given the spread and popularity of wireless, users need to be wary of using their Wi-Fi enabled laptops or other portable devices to conduct financial transactions or anything of a sensitive or personal nature, for fear of disclosing this information to an unauthorized third party," added Collins.

While the U.K. researchers pressed for users to activate security options in their wireless client to protect themselves, the idea of 'Evil Twin' turns out to be not all that new.

Internet Security Systems, for instance, published a wireless FAQ over two years ago that mentions this threat (as well as a host of others.)

ISS dubbed the threat "BaseStation Clone (Evil Twin)," and said it could occur when "an attacker tricks legitimate wireless clients to connect to the attacker's honeypot network by placing an unauthorized base station with a stronger signal within close proximity of the wireless clients that mimic a legitimate base station. This may cause unaware users to attempt to log into the attacker's honeypot servers. With false login prompts, the user unknowingly can give away sensitive data like passwords."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll