Cyber Security Institute

Thursday, January 20, 2005

‘Evil twin’ fear for wireless net

People using wireless high-speed net (wi-fi) are being warned about fake hotspots, or access points.  The latest threat, nicknamed evil twins, pose as real hotspots but are actually unauthorised base stations.

Once logged onto an Evil Twin, sensitive data can be intercepted.

“Users need to be wary of using their wi-fi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive or personal nature,” said Professor Brian Collins, head of information systems at Cranfield University.  “Users can also protect themselves by ensuring that their wi-fi device has its security measures activated,” he added.

BT Openzone, which operates a vast proportion of public hotspots in the UK, told the BBC News website that it made every effort to make its wi-fi secure.

“This means that users’ personal information and data, logon usernames and passwords are protected and secure,” said Mr Clark.

In the vast majority of cases, base stations straight out of the box from the manufacturers are automatically set up with the least secure mode possible, said Dr Nobles.

Cybercriminals who try to glean personal information using the scam, jam connections to a legitimate base station by sending a stronger signal near to the wireless client.  “Cybercriminals don’t have to be that clever to carry out such an attack,” said Dr Phil Nobles, a wireless net and cybercrime expert at Cranfield.  “Because wireless networks are based on radio signals they can be easily detected by unauthorised users tuning into the same frequency.”

Although wi-fi is increasing in popularity as more people want to use high-speed net on the move, there have been fears over how secure it is.

http://news.bbc.co.uk/2/hi/technology/4190607.stm