Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Mobile

    Evil Twin Hack Dramatizes Wireless Vulnerability

    By
    Jim Rapoza
    -
    January 31, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Thats it. Im ripping out my wireless cards and throwing them in the garbage. I just heard the most terrible thing: According to heavily covered and overly hyped news stories, an insidious new attack method called Evil Twin will make public wireless networks terribly insecure and dangerous.

      Oh, wait a second. We already know that wireless networks arent secure. In fact, weve been saying that since the networks first emerged. And there is nothing more insecure than a publicly accessible and unencrypted wireless network.

      I think the recent stories about Evil Twin fit into the same category as news flashes about sharks attacking swimmers in shark-infested waters.

      For those of you who missed or avoided the many Evil Twin stories, they described a potential hack that was recently disclosed by a group of researchers in the United Kingdom. These researchers found that a high-powered wireless access point could jam a legitimate public access point; the high-powered access point could then pretend to be the public access point, luring users to connect to it (thus earning the Evil Twin moniker).

      By pretending to be, say, an open access point at a popular coffee joint, the Evil Twin would be able to easily log the traffic of connecting users and to steal passwords and information. (This assumes, of course, that the users and the sites they are connecting to never heard of or used encryption.)

      The Evil Twin scenario is somewhat interesting but hardly newsworthy. When I read about it, I thought I might be able to get some widespread news coverage by disclosing my “new” Smooth Jerk attack. Using the Smooth Jerk method, someone could call a new hire, pretend to be “Joe” in IT and get the new hire to give up his or her password information.

      I also find the Evil Twin coverage absurd because the attack being described is so unnecessarily complex. Lets see: Im a malicious guy who wants to steal information from people who are using a public wireless network. I can employ the Evil Twin tactic, which incurs expense, hassles and risk, or I can quietly sit on the network with my laptop and free downloadable tools, sniffing the connections of all the unsuspecting lambs around me. Id definitely go for the latter option (if I were a bad guy, that is).

      I mean, why even bother to spoof a known public access point when people will happily connect to any open access point they can find?

      During the holidays, my wife and I stayed with relatives. To connect to the Internet, I logged on to one of their neighbors open wireless networks. I dont know this neighbor, and, for all I know, he regularly logs in to shadowy sites and chat rooms with the handle 3v1ltw1n (hackerese for Evil Twin).

      But I treat any access point the way I treated the neighbors. Whether Im at Starbucks or sitting in Bryant Park in New York, I connect to a VPN—before doing anything—to encrypt all my traffic.

      For those of us who have been using wireless for a while now, this is standard operating procedure. But a lot of people, both home and business users, dont even know what the risks are. If these people find an open access point, their only reaction is, “Cool, I have an Internet connection!” And off they go, throwing passwords and log-ins around like confetti at a parade.

      The Evil Twin stories basically remind us that, yes, fire is hot, and IT workers should use this reminder to make sure that mobile workers dont get burned.

      /zimages/7/28571.gifClick here for tips on avoiding “Evil Twin” attacks and rogue access points.

      When setting up mobile workers on laptops with wireless capabilities, make sure the users have been properly trained to use a VPN for all Internet connections on unknown networks—wireless or wired. And if you have a work force for whom training isnt always effective, you may want to invest in system management tools that will lock down connections and enforce secure communications.

      Unfortunately, home users dont have an IT person to help them. And they often dont have access to a VPN, something that companies such as Apple and Intel should be providing as part of their wireless bait to attract new customers.

      So, yes, sharks bite, fires burn and wireless networks arent secure—Evil Twins or no. But thanks for the reminder.

      Labs Director Jim Rapoza can be reached at [email protected].

      To read more Jim Rapoza, subscribe to eWEEK magazine.

      /zimages/7/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.

      Avatar
      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×