Monday, January 24, 2005

Hackers Snatch Data From Bogus Wireless Access Points

Gregg Keizer, TechWeb News, 21-Jan-2005

An "Evil Twin" that hijacks unsuspecting wireless transmissions is the latest security bugaboo, academic researchers in the U.K. asserted Thursday.

But the idea is anything but fresh.

The hacking technique is dubbed "Evil Twin" because scammers set up a bogus wireless access point near a legitimate base station that they then jam. Users within range of the sham access point connect to it thinking that it's a real link to the Net.

All the time, however, the information transmitted over the wireless connection is being intercepted by the hackers, who look for passwords, usernames, financial account log-in information, or other confidential data.

Think of it as one big key logger and you get the idea.

"So-called 'Evil Twin' hotspots present a hidden danger for Web users," said Phil Nobles, a wireless and cybercrime expert at Cranfield University in the U.K.

"Users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorized base station," said Nobles in a statement. "The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client -- thereby turning itself into an 'Evil Twin'."

The technique could be potent where public hotspots are in play, such as those offering connections in coffee shops or airports. Public access points typically don't accept encrypted traffic, so users are accustomed to transmitting "in the clear."

"Cyber criminals don't have to be that clever to carry out such an attack," added Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorized users tuning into the same frequency."

Since it happens more or less transparently, users often have no clue they've been duped -- and identities or information compromised -- until long after the fact.

Professor Brian Collins, the head of the information systems department at Cranfield University, chimed in. "Web users who use Wi-Fi networks should be on their guard against this type of cyber crime," he said in an accompanying statement prior to a presentation Thursday evening at London's Dana Center, a science and technology discussion forum.

"Given the spread and popularity of wireless, users need to be wary of using their Wi-Fi enabled laptops or other portable devices to conduct financial transactions or anything of a sensitive or personal nature, for fear of disclosing this information to an unauthorized third party," added Collins.

While the U.K. researchers pressed for users to activate security options in their wireless client to protect themselves, the idea of 'Evil Twin' turns out to be not all that new. Internet Security Systems, for instance, published a wireless FAQ over two years ago that mentions this threat (as well as a host of others).

ISS dubbed the threat "BaseStation Clone (Evil Twin)," and said it could occur when "an attacker tricks legitimate wireless clients to connect to the attacker's honeypot network by placing an unauthorized base station with a stronger signal within close proximity of the wireless clients that mimic a legitimate base station."

"This may cause unaware users to attempt to log into the attacker's honeypot servers. With false login prompts, the user unknowingly can give away sensitive data like passwords."
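The cloned-base-station pattern described above (same network name, unauthorized base station, stronger signal) can be checked for from the defender's side. The following is an added example, not part of the original article: it assumes the operator keeps an inventory of sanctioned access points, and the network names, hardware addresses and scan records are all constructed.

```python
from collections import defaultdict

# Constructed inventory (assumption: the operator maintains one):
# SSID -> {BSSID: expected security mode}
KNOWN_APS = {"CoffeeShop-WiFi": {"00:11:22:33:44:55": "WPA2"}}

# Constructed scan records, shaped like the output of a wireless survey tool.
SAMPLE_SCAN = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "00:11:22:33:44:55", "signal_dbm": -67, "security": "WPA2"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "66:77:88:99:AA:BB", "signal_dbm": -41, "security": "OPEN"},
    {"ssid": "Airport-Free", "bssid": "10:20:30:40:50:60", "signal_dbm": -70, "security": "OPEN"},
]


def find_evil_twin_candidates(scan, known_aps):
    """Flag beacons that reuse a sanctioned SSID from a BSSID not in the inventory."""
    by_ssid = defaultdict(list)
    for beacon in scan:
        by_ssid[beacon["ssid"]].append(beacon)

    findings = []
    for ssid, beacons in by_ssid.items():
        inventory = {b.lower(): sec for b, sec in known_aps.get(ssid, {}).items()}
        if not inventory:
            continue  # not one of our networks, nothing to compare against
        known_signals = [b["signal_dbm"] for b in beacons if b["bssid"].lower() in inventory]
        strongest_known = max(known_signals, default=None)
        for b in beacons:
            if b["bssid"].lower() in inventory:
                continue
            reasons = ["bssid not in inventory"]
            if strongest_known is None:
                # The article notes the legitimate base station may be jammed.
                reasons.append("legitimate AP not heard")
            elif b["signal_dbm"] > strongest_known:
                reasons.append("stronger signal than legitimate AP")
            if b["security"] not in inventory.values():
                reasons.append("security mode differs from inventory")
            findings.append({"ssid": ssid, "bssid": b["bssid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_evil_twin_candidates(SAMPLE_SCAN, KNOWN_APS):
        print(finding)
```

A twin that also copies the legitimate hardware address passes this check, so it complements rather than replaces client-side protections such as encrypted, authenticated connections.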