Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Avoid the Evil Twin Panic

But how did the panic start?

Article comments

Wireless security experts have been bemused in the last few days by a storm of publicity about a new wireless attack: the so-called "Evil Twin" exploit. They puzzle is, why the sudden fuss? The attack is not new; it has been well-known for some time, and there are well-known defences.

Evil twin fever extended to news bulletins in the BBC's Today programme (see the BBC news site) on 20 January. Wireless security companies duly hailed it. "The evil twin menace means that users can no longer assume that if they enter a wireless hot spot that they are connecting to a bona fide wireless internet connection," warned Aruba's David Callisch, never one to miss a good security scare.

Others were more measured: "I believe this is a long-standing set of attacks and exploits, simply wrapped in a new label," said Rich Mironov, vice president of marketing at wireless IDS vendor AirMagnet.

The source seems to have been publicity for a lecture at London's Science Museum, given by Phil Nobles of the University of Cranfield. The man who set the meme off was Ardi Kolah, director of communications at Cranfield: he admits the exploit was known and the term was in circulation before Noble's lecture, but is quietly pleased: "The story's gone as far as New Zealand and India," he said. "I'm entering it for an award."

What is it?
The attack has also been called the "soft AP" attack in the past, and is based on a hacker creating a wireless network with the same name as a nearby wireless network. They have been detected at wireless trade shows and other places.

Once a user is logged onto the Evil Twin network, the hacker can use "man in the middle" attacks to gather passwords when the user connects to commerce sites, or even set up whole duplicates of public web sites.

The attack works because operating systems are "promiscuous": they remember the names of networks they have joined and join them again.

How to avoid it
In fact, it is quite easy to stay clear of evil twins, and the security applications we routinely apply already should keep us clear of them. The latest scare simply a reminder to actually perform the security checks we should be doing anyway.

Firstly, use encryption. Encrypting the wireless part of the connection is always a good idea, using the WEP or WPA standards. "If you have WEP or WPA encryption enabled, , you won’t be able to join an evil network because the key won’t match," says Glenn Fleishman of W-Fi Networking News

However, even without WEP and WPA, routine security methods applied by websites and mail servers should be adequate. They are, after all, designed to secure traffic over an insecure medium - the Internet - and apply equally to an insecure wired connection.

Commerce websites and email sites should allow the option of encryption: "If you use SSL email client connections for POP, IMAP, and SMTP or an SSL-enabled Webmail site, just for instance, you’re secured because an “evil twin” can’t provide false digital certificate information to capture those sessions," says Fleishman.

Linking to corporate email and applications should always be done over VPNs anyway - all IT departments should be able to provide this for mobile workers.

802.1x authentication
Beyond this, authentication will be a boon. Intended to allow networks to prove users are who they say they are, they are also useful to prove networks are authentic: "If you log in over 802.1X, you’ll be warned if you can’t authenticate to a network," says Fleishman. Your laptop will have a digital certificate installed to confirm the identity of any network it attaches to using 802.1x

802.1x is still not widely implemented, but it is available on most enterprise WLAN systems, and is being added to some public hotspot services, although in most cases this will mean upgrading the hardware at the hotspot, since they have been put up with cheap access points, and any upgrade will take some justification given the low revenues at most public hotspots.

Because not everyone has 802.1x in their client software, a hotspot can only put in 802.1x if it can support two wireless networks - one for those who can't do 802.1x (follow this link for more on multiple SSIDs).

However, T-Mobile is rolling out 802.1x to its US hotspots, and including 802.1x in the software it provides for users (it is also built into Windows XP).

"This evil twin problem is practically a call to arms to hotspot operators to take a stand and start an 802.1X migration for their customers’ benefit," comments Fleishman.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *