An “Evil Twin” attack is a type of wireless network attack in which a malicious actor sets up a rogue Wi-Fi access point (AP) with a name (SSID) similar or identical to a legitimate access point. The goal of this attack is to deceive users into connecting to the rogue access point, thinking it is the legitimate one. Once connected, the attacker can intercept and monitor the communication between the user and the internet or other network resources.
Here’s how the Evil Twin attack typically works:
- Creation of Rogue Access Point:
  - The attacker sets up a rogue wireless access point, which is essentially a device that broadcasts a Wi-Fi signal. This can be a physical device or a software-based implementation on a laptop or other portable device.
- Similar SSID:
  - The attacker configures the rogue access point with a Service Set Identifier (SSID) that is either identical or very similar to a legitimate Wi-Fi network that potential victims might be looking to connect to. For example, if the attacker is targeting a coffee shop’s Wi-Fi, they might name their rogue access point “Free_Coffee_Shop_WiFi” or something similar.
- Signal Strength and Positioning:
  - The attacker strategically positions the rogue access point to have a strong signal, potentially stronger than the legitimate access point. This makes it more likely that nearby devices will automatically connect to the rogue access point, assuming it to be the legitimate network.
- User Connection:
  - Users in the vicinity of the rogue access point may see it as a familiar or enticing network and connect to it, thinking it is the legitimate one. Devices often automatically connect to networks with the strongest signal or a previously saved SSID, making users susceptible to this type of attack.
- Interception of Data:
  - Once connected, the attacker can intercept and monitor the data transmitted between the victim’s device and the internet or other network resources. This can include sensitive information such as login credentials, personal messages, or financial transactions.
- Man-in-the-Middle Attacks:
  - The attacker can perform man-in-the-middle attacks, where they position themselves between the victim’s device and the legitimate network. This allows them to eavesdrop on the communication, alter data, or inject malicious content into the traffic.
- Phishing Attacks:
  - The rogue access point can be used to launch phishing attacks. For example, the attacker might redirect users to fake login pages that closely resemble the legitimate login pages of websites, tricking them into entering their credentials.

Users can protect themselves by being cautious when connecting to Wi-Fi networks, verifying the legitimacy of the network, and avoiding open or unsecured networks. Additionally, using Virtual Private Network (VPN) connections and ensuring that websites use HTTPS can help encrypt the data transmitted over the network, making it more difficult for attackers to intercept.
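
An added example (not part of the original article) of verifying a network's legitimacy: it audits Wi-Fi scan results against a baseline of sanctioned access points and flags the evil-twin traits described above (identical or lookalike SSID, open security, stronger signal). The baseline, the scan records and their field names are constructed assumptions, not the output format of any particular tool.

```python
from difflib import SequenceMatcher

# Constructed baseline of sanctioned APs (assumption: the defender keeps such an inventory).
KNOWN = {"CoffeeShop_WiFi": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"}}

# Constructed scan results; the field names are this example's own.
SCAN = [
    {"ssid": "CoffeeShop_WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "rssi": -60},
    {"ssid": "CoffeeShop_WiFi", "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "rssi": -35},
    {"ssid": "Free_Coffee_Shop_WiFi", "bssid": "02:00:00:00:00:09", "security": "OPEN", "rssi": -50},
    {"ssid": "HomeNet_5G", "bssid": "11:22:33:44:55:66", "security": "WPA2", "rssi": -70},
]

def normalize(ssid):
    """Fold case and punctuation so separator tricks do not hide a lookalike."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def audit(scan, known=KNOWN, threshold=0.8):
    """Map each suspicious BSSID to the reasons it resembles an evil twin."""
    findings = {}
    for obs in scan:
        reasons = []
        bssid = obs["bssid"].lower()
        for name, profile in known.items():
            if obs["ssid"] == name:
                # A listed BSSID with the wrong security still counts: BSSIDs can be cloned.
                if obs["security"] != profile["security"]:
                    reasons.append("security differs from baseline")
                if bssid not in profile["bssids"]:
                    reasons.append("known SSID from unlisted BSSID")
                    # Signal of the sanctioned APs seen in the same scan for this SSID.
                    legit = [o["rssi"] for o in scan if o["ssid"] == name
                             and o["bssid"].lower() in profile["bssids"]]
                    if legit and obs["rssi"] > max(legit):
                        reasons.append("stronger signal than every listed AP")
            else:
                ratio = SequenceMatcher(None, normalize(obs["ssid"]), normalize(name)).ratio()
                if ratio >= threshold:
                    reasons.append(f"lookalike of {name}")
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for bssid, reasons in audit(SCAN).items():
        print(bssid, "->", "; ".join(reasons))
```

A clean result is not proof of legitimacy, since a rogue AP can copy both SSID and BSSID, so the VPN and HTTPS advice above still applies.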