
Evil Twin and Fake Wireless Access Point Hacks: What They Are, How To Defend



Hacking is a term with a wide variety of acts associated with it. Some are incredibly complex and demand a high degree of knowledge, others are little more than installing some software on your device and acting a bit...less than ethically.




One of the most common hacks is also one of the easiest to defend against. This is what is known as a fake wireless access point. Hackers use this tactic to easily steal data of unsuspecting wireless users in public places.




What is a fake wireless access point data theft?

This type of attack has a number of nicknames associated with it: AP Phishing, Wi-Fi Phishing, Hotspotter, Evil Twins, and Honeypot AP. All of these are associated with creating a fake Wi-Fi connection that people log into, and whose goal is to steal credentials, logins, and passwords.




To accomplish this, hackers simply use a piece of software, or app, that is designed to capture data that is sent over a wireless connection. Examples of software that is used during a fake Wi-Fi attack include:



  • AirSSL 
  • AirJack 
  • Airsnarf 
  • Dsniff 
  • Cain 
  • void11 




No matter which apps are used, the key to it all is setting up a wireless connection that people will want to connect to. When they go to connect to the wireless point they likely won’t suspect a thing. Why? Because this tactic is used most often in public areas.




If you were to go into your local Starbucks, sit down with your mochalatte venti with cream and sugar pumpkin spice, and open up your tablet, finding a connection labelled ‘Starbucks Free WiFi,’ you’d probably connect in a heartbeat (one which is quickened by caffeine, at that). The same goes if you’re on a layover at JFK and you see a connection labelled ‘JFK Free Wi-Fi.’ You wouldn’t think twice. That’s what the hackers are counting on - you not thinking.




How is your data stolen during a fake wireless access point theft?

How your most important data is stolen is a little shocking - you give it to them. A large percentage of these hacks take place with a fake wireless point that requires a login and password. Once that information is put into the login, hackers will take it and use it to sign into popular websites, assuming that you use the same login and password for multiple sites.




When your online accounts start showing charges that you didn’t initiate, or if your social media account is taken over, you could be the victim of a fake wireless access point data theft.




How to defend against an ‘Evil Twin’ attack?

There are a number of ways to defend against it; I’ll look at some easy-to-understand examples:

  • The best defence is to always verify with the wifi provider. Ask the Starbucks staff what their wi-fi is called; it can save you a massive headache. Always remember - if a deal seems too good to be true, like free wifi, it probably is.
  • Use different login details and passwords for public wifi.
  • Disable auto-connect when you’re in unfamiliar territory.
  • Be cautious when connections suddenly drop, especially if it happens for everyone on the network. An app known as aireplay is capable of disconnecting users from wifi, in the hope that they’ll reconnect to the hacker’s fake wifi.
  • Be cautious of certificates. Good websites can occasionally send you one, but if this happens over a public wifi that you don’t know, it is best to back off.
  • If a wifi hotspot is interfering with your VPN, forcing you to shut it down, that is a HUGE red flag. A VPN is a great defence against this attack, and hackers know it. Forcing your VPN to disable when you’re trying to connect is the only way that they can steal your data.

That last point is one I want to look at further. A VPN can be a great defence against this type of attack because it encrypts all of the data that you send out. With this data being encrypted, even when you create your login and password with the fake wifi, your data can not be stolen because it can not be deciphered.




A last option that I’ll suggest is using SSL-protected apps. These do take more care and thought to use, but they will offer you protection that is similar to a VPN. Some hackers have even found a way around SSL protection (the BREACH method), so you may want to explore using this with a secondary defensive measure.




The overall advice is to be cautious and verify before you connect. People look at me weird all the time when I ask for the correct wifi name that I should use to connect to. I’ve never been the victim of an ‘Evil Twin’ attack...I’ll take a funny look or two!
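The "verify before you connect" advice can also be checked mechanically. The sketch below is an added example, not code from the original post: it compares a list of scanned networks against what the venue has confirmed as its real network and flags lookalike names, unknown access points and security downgrades. The Beacon fields, the trusted-network table and the sample scan are all assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# One row of a Wi-Fi scan: network name, access point MAC, advertised security.
Beacon = namedtuple("Beacon", "ssid bssid security")

def normalize(ssid):
    """Fold case and drop punctuation/spaces so 'Wi-Fi' and 'WiFi' compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())

def find_suspect_aps(scan, trusted):
    """Return (beacon, reason) pairs for APs imitating a trusted network.

    trusted maps the real SSID to {"bssids": set of MACs, "security": str},
    i.e. what the venue staff or network owner confirmed.
    """
    by_norm = {normalize(ssid): (ssid, info) for ssid, info in trusted.items()}
    findings = []
    for b in scan:
        match = by_norm.get(normalize(b.ssid))
        if match is None:
            continue  # unrelated network, not imitating anything we know
        real_ssid, info = match
        if b.bssid.lower() in info["bssids"]:
            if b.security != info["security"]:
                findings.append((b, "known AP but security changed"))
            continue
        if b.ssid != real_ssid:
            findings.append((b, "lookalike name from unknown AP"))
        elif b.security != info["security"]:
            findings.append((b, "same name, unknown AP, different security"))
        else:
            findings.append((b, "same name from unknown AP"))
    return findings

# Constructed sample data (not a real capture); the MACs are made-up,
# locally administered addresses.
TRUSTED = {"Starbucks Free WiFi": {"bssids": {"02:00:00:aa:bb:01"}, "security": "WPA2"}}
SCAN = [
    Beacon("Starbucks Free WiFi", "02:00:00:aa:bb:01", "WPA2"),
    Beacon("Starbucks Free WiFi", "02:00:00:de:ad:02", "OPEN"),
    Beacon("Starbucks Free Wi-Fi", "02:00:00:de:ad:03", "OPEN"),
    Beacon("HomeNet", "02:00:00:11:22:33", "WPA2"),
]

if __name__ == "__main__":
    for beacon, reason in find_suspect_aps(SCAN, TRUSTED):
        print(f"{beacon.ssid!r} {beacon.bssid} [{beacon.security}]: {reason}")
```

A clean result is not proof of safety: an access point's MAC address can be copied, so this only catches imitations that differ in name, address or security setting.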
