Evil Twin Attacks Threat To Wireless Devices Information Technology Essay
Wireless Fidelity connections to the Internetwork have provided near limitless computing convenience for business and private users. These networks are easy to use and have a large variety of devices that can connect. However, wireless connections can be more damaging to network security and user privacy than their fellow wired connections. Although secure wireless connections can limit risk involved when connecting devices to a Wi-Fi network, many of today’s Wi-Fis are unsecured. Today, phishers move to wireless connections to trick users’ to give their personal information. Wi-Fi networks are vulnerable to a variety of threats including the evil twin attack where an adversary clones a client’s preset Set Service Identifier (SSID) for identity theft or any other malicious activity. The abstract should be on its own page
This paper research focuses in evil twin attacks on wireless networks. This attack evolves from traditional phishing attacks and is well known as the wireless version of email phishing scams. As wireless networks gained popularity in recent years, phishers engineered ways to conduct a variety of malicious activities in Wi-Fi networks. An evil twin attack is straightforward to performed, and it might only need the client’s wireless network interface card (NIC) enabled. Very few solutions exist today, and most of them protect only corporation wireless clients to a certain extent. Although no personal protection has been developed, this paper tries to give the user with an understanding on how to provide some level of protection.
Personal protection has become an important aspect of today’s cyberspace. Many of us connect to Wireless Fidelity (Wi-Fi) without knowing what specific threats one is vulnerable. The list of vulnerabilities is large by nature, and most of these ignored by users. In this case, by reading this paper one can better define and protect from evil twin attacks on Wi-Fi access points. Starting with simple definitions, this paper tries to set the reader with a solid understanding of the topic. A little of history is introduced to let one reflect on how these attacks are spreading throughout Wi-Fi access points. Real-life examples presented to demonstrate the true impact these identity-based attacks have in our society. Current solutions to this threat are introduced with an emphasis on how these technologies tend to be costly, difficult to implement and maintain, and ineffective at some level for personal use. A series of easy, flexible, and effective practices introduced to help Wi-Fi users protect themselves against malicious hackers.
Evil twin attacks: where they come from?
An evil twin is a wireless version of the phishing. The term phishing is a variant of fishing, because attackers are “fishing” for victims. First used in 1996 by a group of online hackers seeking free Internet service from AOL. Due to the “phishers” high success rate, the term gained popularity as the media cited it. In 2001 E-Gold, became the first experiment against payment systems for phishers. Although this attack had no success, phishers came to realize attack feasibility. Right after, in 2004, phishing attacks formed part of the economy of crime. Phishers continued to attack computer users by soliciting information via email, instant messenger (IM), and misleading websites. As people became more aware of these attacks, phishers needed to change their phishing techniques. As phishing success rates were dropping spear phishing, and whale phishing were born. Spear phishing, nothing more than targeting select groups of people with something in common. Whale phishing is an attack directed specifically at senior executives and other high profile targets within businesses. As Myspace and other social media sites gained popularity, phishers moved their efforts to attack these sites. Personal information in such sites leads to identity theft. As Wi-Fi networks spread around the country, hackers use this growth to trick users on giving their information. As early as 2005, security experts transmitted warnings to wireless users about the evil twin threat to identity theft.
What are Evil Twin attacks?
An evil twin in wireless tries to trick users to connect to Wireless Fidelity (Wi-Fi) by posing like a legitimate Internet provider or wireless network. Evil twin attacks have a variety of malicious purposes including malware injection or identity theft. Users connect to Wi-Fi access points (AP) referencing the network Set Service Identifier (SSID). In this case, a hacker can deploy an AP near the cyber cafe Wi-Fi. Users’ wireless client will automatically connect to the preset wireless network on the wireless client. The wireless device itself will connect to the wireless AP that has the strongest signal. If the attacker’s AP possess the strongest signal, user devices will then connect to the evil twin. In some cases, the evil twin AP does not have to provide Internet access; instead, it can act like one’s mobile Internet provider. It will then ask for username/password or credit card information in order to allow Internet access as if were connecting to a valid Internet provider.
How the attack is performed?
The attack itself is not hard to achieve. Require no special hardware to perform these attacks. The evil twin AP might be the person’s next to you using his/her laptop computer. It can also be someone using an iPhone hacking application. It will of course have the strongest signal as one is sitting next to the attacker. No one tries to connect to a Wi-Fi that has a weak signal. The attacker does not have to pretend to be someone else Wi-Fi. It can use attractively wireless connection names such as linksys, Cafe_Wi-Fi, FREE_ACCESS, and others. In this case, the user manually makes the wireless connection. For evil twin attacks to succeed, the user needs to make the connection manually every time or save the SSID as trusted and tell the wireless device to connect every time it sees that SSID. In the case of connecting wireless devices to our home Wi-Fi, most users have them connect automatically. The hacker can then setup an evil twin AP using someone’s home Wi-Fi SSID. Although that person could be miles away from his home’s Wi-Fi, his Blackberry will connect to the evil twin thinking is connecting to his home Wi-Fi. Home’s Wi-Fi on wireless devices is configured to be trusted. Given this configuration, the attacker can collect a bunch of user’s personal information. Most users’ main concern is to have an Internet connection. Few of them will verify why and where they are connected. This makes the attack successful as users’ are up for convenience and simplicity.
Current Defensive Solutions
Very few solutions exist today, and most of them protect only corporation wireless clients to a certain extent. Presently, most individual users only know not to trust public wireless networks. The vast majority of the population has never heard of the term “evil twin attack” on wireless networks. Corporations within their physical infrastructure deploy mechanisms to detect unauthorized access points (AP). Although is a step ahead migrating the threat, wireless clients still vulnerable when they leave the corporation’s physical infrastructure. When the device leaves the corporation’s wireless infrastructure, these are prone to a certain extent, to the same attacks as anyone else. Gonzales, Bauer, Lindqvist, McCoy, and Sicker (2009), studied the possibility of preventing evil twin attacks given Wi-Fi network locations. This technique analyzes all the signals produced around the trusted Wi-Fi network and records its findings for later use. When the wireless client tries to connect to the network it verifies the signals produced on that location and determines its authenticity based on prior data collected. This technique seems to provide some level of protection, but it also has its limitation. It does not work on a multi access point (AP) Wi-Fi network. In the case of a home Wi-Fi, it will be an ideal solution since most homes Wi-Fi consist of one wireless router. Song, Yang, and Gu (2010), propose a new technique to detect evil twin attacks. They propose to analyze Internet packets route to determine if the wireless client is connected to an evil twin access point (AP). This solution seems to be feasible although the wireless client needs to connect to the AP to determine its authenticity. This might not be a practical solution for various reasons. For example, this will not provide any protection if one needs to enter an username and password to access a Wi-Fi Internet provider. The same will happen if one is required to provide credit card information to prepay Internet access.
It is important to understand that protection against evil twin attacks could be hard to achieve. Few solutions exist today, and most of them do not address individual needs. Wireless users should consider disabling wireless network interface cards (NIC) when not using them. This can be done by pressing the wireless connection bottom on a laptop computer. When using a different device other than a laptop computer, you will have to disable Wi-Fi capability by going through the device settings. When connecting to a Wi-Fi network, always be sure to look for suspicious signs that might not look normal. Never select the option to connect automatically to a Wi-Fi network. Always connect manually ensuring you are aware where you are connecting. Always see if the Wi-Fi network is secure or unsecure. For example, if you are used to connect to “Starbucks-W-Fi” which uses encryption but this time it does not use encryption, it might be a sign of an evil twin waiting for a user to connect to it. Secure Wi-Fi networks provide better protection over those that are not secure. Unsecure Wi-Fi networks are tend to be attacks preference since they are easy to implement. Never enter information unless the browser is providing a secure connection. For example, always verify the address typed on the address bar. Sometimes typos can take you to a spoofed website that will collect the information entered as if you were on the authentic website. Ensure web browser connection by checking whether the connection is unsecure “http://…” or secure https://…” on the address bar. Be vigilant, do not take things for granted, and always confirm your connections.
Given the success of Wi-Fi networks, wireless clients are vulnerable to a variety of threats such as the evil twin attack. This attack evolves from traditional phishing attacks and is well known as the wireless version of email phishing scams. The attack requires no special equipment and is easy to implement. Although few solutions exist today, most of them are designed to work on corporation wireless devices. Two solutions were discussed with emphasis on their limitations. Users can protect themselves by disabling their wireless network interface card (NIC) when not connected to a wireless network. Users should also connect to Wi-Fi networks manually and avoid setting up the device to connect automatically. When entering information on the web one should always check the address bar to determine whether the web browser connection is secure or not. The most powerful thing for the user to remember is to be vigilant, do not take things for granted, and always confirm connections. Make sure to limit details in the conclusion. Keep it succint.
Luis- You are a strong writer and this was a very interesting subject. What would improve this work is citing within the paragraphs according to correct APA or MLA style.