'Evil Twin' Threat to Wireless Security
BarryNorton writes "The BBC are currently reporting on research from Cranfield University on the ability of unscrupulous third parties to spoof wireless networking clients into believing they are connected to a 'valid base station' and compromising their passwords for Internet banking etc. Of course the rest of the connection through the Internet, even from a trusted router, is insecure in any case and such sites should be using end-to-end security like SSL. Is there, therefore, anything (other than the cute name 'evil twin') to this story?"
http://sourceforge.net/projects/airjack/
Alls you need
Everyone that disagrees with me is a paid shill
That was my first thought. To properly spoof all the sites so a user is fooled.
:-)
But I suppose key sites you want to capture are all that are required and the rest can be passed through.
So who wants to get one of these going
You can never trust what you're connecting to... It's the age old problem, you're asking for anything you get without performing proper encryption between both links.
Seriously, the only time this problem is going to be fixed is when it's EASY to perform encryption. Where's the easy support for GPG in email clients? SSL in web browsers was certainly a step in the right direction, but what about IM services, email, ftp? Most hosting companies (afaik) don't provide for secure ftp...
I think that email interception is the real hole here, rather than depending on insecure websites. If you can see at which sites a person does secure transactions, you can use the 'email password' functionality to send that user an unencrypted email containing the password or reset link. That email would be easily read by a packet sniffer. Of course the victim would have to have their email client get the email, but email is the first thing that most people check. Sure, the victim would get the password reset email, but most would believe that it is just a glitch.
The force that blew the Big Bang continues to accelerate.
TFA has no info on how this is being done. Are the "cybercriminals" using a regular computer with a wireless card and wired network bridged, forwarding packets and saving a copy for themselves, or are they using a WRT54G with rewritten firmware (OpenWRT?) to capture packets? Why go through all the trouble when you can park your butt down in the coffee shop with your laptop and latte and sniff everyone directly.
Also it would seem to me that the "evil twin" method would only work with unsecured access points, unless you know the WEP key for the secured access point you are trying to dupe. Anyone trying to connect to their favorite secured AP with their default WEP key would fail to connect to an "evil twin" unless it had the matching WEP key...
Urge to post... fading... fading... RISING!... fading... fading... gone.
and I'll say it again, the average person (not average slashdot person) wants things fast and easy. So anything requiring the least effort is the best route for them. And for some people, that is doing banking on a wireless connection without proper encryption. Of course, this is just one of the many problems that exist with doing online banking without taking precautions or cleaning your cookies afterwards. As long as these settings are not done by default for such interactions, there will always be some people to steal from. Quite easily too might I add.
This is exactly the reason why VPN was created, for situations like this. Just create a secure tunnel across the internet, and they can't sniff your data.
Seriously, anytime there is a man-in-the-middle, you have the potential of a man-in-the-middle attack. Imagine if you will a surveillance of an individual suspected of being involved in some nefarious political scheme. The individual is known to frequent his local Starbucks in the morning to have a cup of coffee and check his email, stocks, personal chat rooms, etc. A wiretap could watch his every move and he would never know.
Bottom line, never forget there is NO privacy on the unencrypted internet.
The NSA: The only part of the US government that actually listens.
Not only that, but many places work on a large-scale subscription model, so you deposit your CC details with BT or T-Mobile, and then log on at any one of dozens of places.
So the phisher has an account on a wireless network and internet access, and you're paying for it. The phisher then has lots of bandwidth and information to do various other illegal things, with your money and your liability carrying the can for them.
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
My Dad just bought a wireless kit for his Windows PC and laptop, and a few days ago he noticed that, even though he had turned off the base station, a laptop he was repairing for someone was still somehow accessing the Internet.
It turns out one of our neighbours is running a totally unsecured wireless system; we can access their wireless router setup page and, because they haven't bothered changing the password, can muck about with it as much as we like.
It is not unreasonable to base trust on a brand name. That is indeed the purpose of the brand: otherwise we would have to sort through bins of goods and analyze them carefully with each and every purchase. Which we do sometimes (with fruit), but not with everything. We just don't have time for that and in purchases over the internet, it is impossible. Collective opinion (including websites) is often the basis for this trust. The only thing you can ask of people is that they ask around sufficiently before forming trust.
Your issue, I think, is actually that people think something is a brand because it has the logo on it. That is, they are too trusting of the logo itself not being counterfeit. I don't know what we should do about that. SSL can tell us that a website is who it says it is, but it can't verify the correctness of a logo or claimed corporate identity.
Uhhh, how about the man in the middle connecting to bankofslashdot on behalf of the client and passing the real, valid, cert from bankofslashdot (signed of course by Verisign) back to the client. The client sees a perfectly valid cert, but all traffic is still going through the MIM.
There's a small SF Bay Area startup that makes specialized wireless access points. You set up a network of the access points. The access points know about all other access points that *should* be there. When it detects another access point that is acting like an "evil twin," the network of access points can not only locate the evil AP to within a few meters, but also DOS it with a bunch of bad packets to knock it off the network. The CS department in Berkeley uses it. It can also be configured to knock out any non-evil AP if you want to restrict wireless APs in your organization. I don't know the name of the startup, as the presentation by the CS IT department chose not to disclose the company.
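Added example, not code from the thread or from the startup mentioned above: a simplified version of the inventory-based rogue-AP detection that post describes, assuming a constructed authorised inventory and constructed beacon sightings from two monitoring APs. It flags BSSIDs that advertise an SSID we own but are not in the inventory, flags open clones of an encrypted SSID, and picks the sensor with the strongest signal as the nearest one.

```python
from dataclasses import dataclass

# Authorised inventory (constructed): SSID -> legitimate BSSIDs and whether the
# real network is encrypted. A real deployment would load this from the controller.
AUTHORISED = {
    "CoffeeShopWiFi": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"}, "encrypted": False},
    "CorpNet": {"bssids": {"00:11:22:33:44:10"}, "encrypted": True},
}

@dataclass(frozen=True)
class Observation:
    sensor: str      # name of the monitoring AP that heard the beacon
    ssid: str
    bssid: str
    rssi: int        # dBm; higher (less negative) means closer to the sensor
    encrypted: bool  # privacy bit advertised in the beacon

def find_rogues(observations, authorised=AUTHORISED):
    """Return {bssid: report} for beacons that impersonate an SSID we own."""
    rogues = {}
    for o in observations:
        entry = authorised.get(o.ssid)
        if entry is None:
            continue                      # not our SSID: somebody else's network
        bssid = o.bssid.lower()
        reasons = []
        if bssid not in {b.lower() for b in entry["bssids"]}:
            reasons.append("unlisted BSSID advertising our SSID")
        if entry["encrypted"] and not o.encrypted:
            reasons.append("open clone of an encrypted SSID")
        if not reasons:
            continue
        r = rogues.setdefault(bssid, {"ssid": o.ssid, "reasons": set(), "sightings": []})
        r["reasons"].update(reasons)
        r["sightings"].append((o.sensor, o.rssi))
    for r in rogues.values():
        # Crude localisation: the sensor that hears the rogue loudest is nearest.
        r["nearest_sensor"] = max(r["sightings"], key=lambda s: s[1])[0]
    return rogues

SAMPLE = [  # constructed beacon sightings from two monitoring APs
    Observation("ap-lobby", "CoffeeShopWiFi", "00:11:22:33:44:01", -40, False),
    Observation("ap-lobby", "CoffeeShopWiFi", "DE:AD:BE:EF:00:01", -70, False),
    Observation("ap-patio", "CoffeeShopWiFi", "DE:AD:BE:EF:00:01", -35, False),
    Observation("ap-patio", "CorpNet", "DE:AD:BE:EF:00:02", -55, False),
    Observation("ap-lobby", "NeighbourNet", "AA:BB:CC:DD:EE:FF", -80, False),
]

if __name__ == "__main__":
    for bssid, r in find_rogues(SAMPLE).items():
        print(bssid, r["ssid"], sorted(r["reasons"]), "nearest:", r["nearest_sensor"])
```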