Evil Twin Hacking

MBA Team

Justin Kline, Alex Polzella, Tzeitel Watson

Prof. T. Josue

MBA 662C

12 Apr 17

Evil Twin Hacking

        Working on a paper for class in a coffee shop, your mind begins to wonder and you access the free and Wi-Fi to check out your Facebook page.  Your mind wondering does not stop there however, you move on to shopping on Amazon, then to your bank account.  Little do you know that you have just exposed sensitive and personal information to a hacker.  Using a cell phone and some simple software the hacker set up an “evil-twin” and hacked not only you, but also others just like you.

What is an evil twin?  In cyber security, it is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point which an attacker can then use to gather personal or corporate information without the end-users knowledge.  Created using an internet-capable device and easily available software, the hacker positions him/herself near a legitimate hotspot in order to discover the service set identifier and radio frequency that the legitimate access point uses.   The attacker then sends out his or her own radio signal using the same name as the legitimate access point.

                Hackers may exploit weaknesses in many ways in order to get their victims to attach to a phony access point (AP) from faked login pages to email phishing.  Fake messages are easy to create and STMP senders are not required to authenticate, according to Lisa Phifer, Vice President of Core Competence, Inc.  Evil twin Wi Fi phishing exploits similar weakness:  “802.11 management packets are easily forged, and APs do not prove their identity.  To make matters worse, laptops, PDAs, and other Wi-Fi devices automatically select and connect to the AP offering the vest signal within a named and wireless LAN.”  The 802.11 is an evolving set of specifications for wireless local areas networks (WLAN).   Users requesting WLAN access from their stations initiate associations to 802.11.  APs send beacons to advertise their presence and stations can listen for these in a passive manner, or the stations may actively send probe requests for all APs within a given extended service set if (ESSID).  

        AP beacon and probe responses carry information about the WLAN, including the APs MAC address.  The station then sends a request to connect based upon signal strength and capabilities.  APs using wired equivalent privacy (WEP) may challenge the station to prove that it knows a shared key, however in most cases the AP returns an authenticate response.  The station and beacon then exchange an associate request/response to establish a connection which lasts until either send a dissociate packet.