Slashdot Mirror


'Evil Twin' Threat to Wireless Security

BarryNorton writes "The BBC are currently reporting on research from Cranfield University on the ability of unscrupulous third parties to spoof wireless networking clients into believing they are connected to a 'valid base station' and compromising their passwords for Internet banking etc. Of course the rest of the connection through the Internet, even from a trusted router, is insecure in any case and such sites should be using end-to-end security like SSL. Is there, therefore, anything (other than the cute name 'evil twin') to this story?"

5 of 222 comments

  1. Airjack by Megor1 · Score: 4, Interesting

    http://sourceforge.net/projects/airjack/

    Alls you need

    --
    Everyone that disagrees with me is a paid shill
  2. Expected? by Aurix · Score: 3, Interesting

    You can never trust what you're connecting to... It's the age-old problem, you're asking for anything you get without performing proper encryption between both links.

    Seriously, the only time this problem is going to be fixed is when it's EASY to perform encryption. Where's the easy support for GPG in email clients? SSL in web browsers was certainly a step in the right direction, but what about IM services, email, ftp? Most hosting companies (afaik) don't provide for secure ftp...

  3. Email interception by rednip · Score: 4, Interesting

    I think that Email Interception is the real hole here, rather than depending on unsecure websites. If you can see at which sites a person does secure transactions, you can use the 'email password' functionality to send that user an unencrypted email containing the password or reset link. That email would be easily read by a packet sniffer. Of course the victim would have to have their email client get the email, but email is the first thing that most people check. Sure the victim would get the password reset email, but most would believe that it is just a glitch.

    --
    The force that blew the Big Bang continues to accelerate.
  4. It's been said before by Baorc · Score: 3, Interesting

    and I'll say it again, the average person (not average slashdot person) wants things fast and easy. So anything requiring the least effort is the best route for them. And for some people, that is doing banking on a wireless connection without proper encryption. Of course, this is just one of the many problems that exist with doing online banking without taking precautions or cleaning your cookies afterwards. As long as these settings are not done by default for such interactions, there will always be some people to steal from. Quite easily too, might I add.

  5. Re:Be careful by It doesn't come easy · Score: 3, Interesting

    Actually, ANY access point is risky unless you run it yourself (after all, it's a well-known fact that all sys admins are voyeurs of the worst sort).

    Seriously, anytime there is a man-in-the-middle, you have the potential of a man-in-the-middle attack. Imagine if you will a surveillance of an individual suspected of being involved in some nefarious political scheme. The individual is known to frequent his local Starbucks in the morning to have a cup of coffee and check his email, stocks, personal chat rooms, etc. A wiretap could watch his every move and he would never know.

    Bottom line, never forget there is NO privacy on the unencrypted internet.

    --
    The NSA: The only part of the US government that actually listens.