Saturday, February 02, 2013

Evil Twin Attacks

The risks of the Evil Twin network

*       The owner of the rogue connection network possessing the same SSID can launch man-in-the-middle (MITM) attacks to intercept any data that is exchanged to and from the device.

*     Free programs over the Internet give the attacker the ability to decode web access packets to reveal login IDs and passwords in clear text.

*    The attacker can gain control over email accounts and social networks, scan the contacts list, view text messages and more.

*    An attacker can also send a spoof SMS that claims to be from someone on the contacts list of the device.

*    The attacker can trick the user into visiting a page that looks genuine, but is actually a page that phishes for personal and financial information.

*    The attacker can install key-loggers on your device, that will send him whatever keys you press on your keyboard, including your passwords and credit card information.

How to avoid Evil Twin attacks

Unfortunately, smartphones do not have an option to disable active probing for wireless networks. The best solution to avoid such attacks is to simply turn the WiFi OFF when one leaves the security of home or office networks. This is a simple one-step process on most devices so there can be no excuses here. Alternatively, one can also make use of an application that turns the WiFi ON/OFF in specific geographical locations.

Additionally, always remember to turn your WiFi OFF when there are no active networks in range, in order to avoid such attacks.

No comments:

Post a Comment