An evil twin access point as described in a Network World article is a
Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers.
In reality, if the goal is to just eavesdrop, then the attacker doesn’t need a evil twin access point. Sniffing wireless traffic can be done passively using free tools and the users of the wireless network would never know.
Evil twin access points are more likely to exist when the attacker is planning a more sophisticated attack such as a man-in-the-middle (MITM) attack. The evil twin access point would by used by the attacker to get between a secure communications channel without the user knowing.
It is almost impossible for standard client security tools to detect MITM attacks because they are usually tracking layer 3 events and most of the action for a wireless MITM attack occurs at layer 2.
MITM implementation examples from Wikipedia below.
dsniff – A tool for SSL MITM attacks
Ettercap – A tool for LAN based MITM attacks
Karma – A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
AirJack - A tool that demonstrates 802.11 based MITM attacks
If you liked this post, subscribe using below
Filed under: WLAN Security