'Evil Twin' Haunts Wi-Fi UsersBy Matthew Broersma | Print
Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame
At a London event, security experts will highlight the dangers of wireless networking, focusing on an attack called "Evil Twin" that steals vital data from users of public Wi-Fi hot spots.An IT security expert, an academic and the U.K. government's cybercrime unit will give Londoners an introduction to the security dangers of wireless networking on Thursdaywith the star of the show being an attack method dubbed the "Evil Twin."
The Evil Twin is essentially a wireless version of a phishing scamusers think they're connecting to a genuine hot spot but are actually connecting to a malicious server, which can then extract information such as bank details. The attack can be carried out by anyone with the right equipment in the vicinity of a legitimate base station, according to Dr. Phil Nobles, wireless Internet and cybercrime expert at the U.K.'s Cranfield University.
"The [malicious base station] jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client, thereby turning itself into an 'Evil Twin,'" Nobles said in a statement. Users are invited to connect via a fake log-in prompt, he said. Nobles will be demonstrating this and other attack methods at the Science Museum in London.
The popularity of Intel Corp.'s Centrino chip for wireless laptops has played a big part in popularizing Wi-Fi, according to industry observers. Intel this week introduced a new Centrino with additional wireless security features, including built-in support for Cisco-compatible extensions for WPA (Wi-Fi Protected Access).
Several security standards coming through the pipeline, such as WPA2, are designed to make enterprises more comfortable with using wireless networks. T-Mobile is introducing strong, 802.1x-based authentication and encryption across its network of 4,700 U.S. hot spots for the same reason.
Check out eWEEK.com's for the latest news, reviews and analysis on mobile and wireless computing.