Evil Twin Router

What is an Evil Twin Router?

An Evil Twin router is a rogue Wi-Fi access point that appears to be a legitimate one but has actually been set up to eavesdrop on wireless communications. This type of evil twin attack may be used to steal the passwords of unsuspecting users, either by snooping on the communication link or by phishing, which involves setting up a fraudulent website and luring people there. Nowadays almost anybody with a PC or smartphone can create an Evil Twin. They just need the right tools and a good internet connection.

Why is it dangerous?

It is dangerous because, to the end user, the evil twin looks like a hot spot with a very strong signal. That’s because the attacker has not only used the same network name and settings as the “good twin” he is impersonating; he has also physically positioned himself near the end user so that his signal is likely to be the strongest within range. If the end user is tempted by the strong signal and connects manually to the evil twin to access the Internet, or if the end user’s computer automatically chooses that connection because it is running in promiscuous mode, the evil twin becomes the end user’s Internet access point. This gives the attacker the ability to intercept sensitive data such as passwords or credit card information.

How to detect it?

Let’s say you are traveling from one country to another. As soon as you arrive at the airport you take out your laptop, search for public hotspots, and see two APs with the same name: “Airport 1” and “Airport 1”. How can you tell which one is the legitimate one?

Unfortunately, there is no easy way to detect an Evil Twin. Most attempts to detect an evil twin attack are geared towards the administrator of a network, and basically consist of the authorized network admins scanning and comparing wireless traffic. But don’t panic. There is also a well-developed tool called “EvilAP_Defender” (https://github.com/moha99sa/EvilAP_Defender/wiki) which “promises” to detect and DoS the Evil Twin (note: this tool is provided as is, so it may or may not work).
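
The administrator-side "scan and compare" approach described above can be sketched as follows. This is an added example, not code from the article or from EvilAP_Defender; the inventory, the scan records and all field names are constructed assumptions.

```python
# Added example: compare a Wi-Fi scan against an inventory of authorized APs.
# The inventory, the scan records and all field names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the AP radio
    channel: int
    security: str   # e.g. "OPEN", "WPA2-PSK"
    rssi_dbm: int   # received signal strength

# Hypothetical inventory kept by the administrator: SSID -> expected settings.
AUTHORIZED = {
    "Airport 1": {
        "security": "OPEN",
        "aps": {"aa:bb:cc:00:00:01": 1, "aa:bb:cc:00:00:02": 6},  # bssid -> channel
    },
}

def find_suspects(scan):
    """Return (beacon, reasons) for beacons that use an authorized SSID
    but do not match the inventory."""
    suspects = []
    for b in scan:
        known = AUTHORIZED.get(b.ssid)
        if known is None:
            continue  # not a network name we protect
        reasons = []
        bssid = b.bssid.lower()
        if bssid not in known["aps"]:
            reasons.append("unknown BSSID")
        elif known["aps"][bssid] != b.channel:
            reasons.append("authorized BSSID on unexpected channel")
        if b.security != known["security"]:
            reasons.append("security setting differs")
        if reasons:
            suspects.append((b, reasons))
    return suspects

# Constructed scan: a legitimate AP, a stronger look-alike, an unrelated network.
SAMPLE_SCAN = [
    Beacon("Airport 1", "AA:BB:CC:00:00:01", 1, "OPEN", -67),
    Beacon("Airport 1", "de:ad:be:ef:00:99", 11, "OPEN", -38),
    Beacon("Coffee Shop", "11:22:33:44:55:66", 6, "WPA2-PSK", -70),
]

if __name__ == "__main__":
    for beacon, reasons in find_suspects(SAMPLE_SCAN):
        print(f"{beacon.ssid} {beacon.bssid} ch{beacon.channel} "
              f"{beacon.rssi_dbm} dBm: {', '.join(reasons)}")
```

The comparison only works for whoever holds the inventory, which is why this kind of detection falls to the network administrator and not to the traveler looking at two identical names.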

Article provided by Agron Muharemi
