Saturday, June 04, 2005

Who's That Masked Man?

No, it's not Zorro. It's an evil scumbag with a fraudulent wireless access point masquerading as your favorite wireless connection. Sound far-fetched? Not anymore. Just when you figured out how to wirelessly connect your computer to the internet, now you've got to worry about rogue (read: malicious) wireless hotspots, or Evil Twins.

What's an Evil Twin?

If you finally got around to setting up the super convenient wireless router/access point that lets you surf and roam about your house without wires, be aware that someone else has figured out how to set up an identically named access point that fraudulently "spoofs" yours. By spoofing, or copying, the name of your access point, they've created an "evil twin".

Spoofing your wireless access point is done by setting up another wireless access point that mimics yours and uses the same "SSID", or name. The SSID is the "name" of your wireless access point, which your computer uses to identify what it is connecting to. The goal is to get your computer to connect to the evil twin instead of your intended access point.

Think of an evil twin like a fake delivery man. Normally you give your outgoing packages to the local delivery man, and receive your packages from the same guy. Now imagine that someone in a fake uniform came to your door to pick up your packages. You'd give him your letters and packages and he'd take them away. Now imagine that before he delivered the packages, he opened them up, copied any personal information, then delivered them or threw them away. You wouldn't know the difference until it was too late. That's sort of what an evil twin wireless access point is like.

By connecting to the evil twin, your computer will then be passing all of your information through this fraudulent access point. By monitoring this evil twin, the scumbag will be able to steal all your personal information such as your username and passwords.

While the likelihood of someone setting up an evil twin near your house is not as great, it's very possible and more common for dirtbags to set up evil twin wireless hotspots near internet cafes, businesses and on campus.

By setting up an evil twin at the local starmucks cafe, your computer could connect to this evil twin site and before you realized it, you would have typed in your username and password at the fake login screen. All information that you send and receive from this point would be available to the thief.

Wireless connections are typically very insecure. Manufacturers are loath to make their products more secure by using encryption and other basic security measures for fear of making it too difficult for users to properly set up their wireless access points. So, by default, wireless products have all of their security settings off. So now you're vulnerable to phishing, spoofing, evil twins, and everything on your computer is open for the world to access.

So What To Do?

  • At the very least, turn on your basic wireless encryption protocol (WEP, WPA, etc.). You'll need to look up how to do this in your router's manuals.
  • Avoid public wireless hotspots unless they utilize some sort of security protocol.
  • Use a VPN, or Virtual Private Network, if your company offers it. There are also some services available on the web that offer VPN services for around $5 a month.
  • Be alert for strange or unusual login screens or activity at public hotspots.
  • Use a firewall such as ZoneAlarm that helps detect rogue networks and defaults to the most protective security setting when it detects new networks.
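
To show what "detecting a rogue network" can mean in practice, here is an added example (not part of the original post and not how ZoneAlarm or any other product works): it compares a Wi-Fi scan against a baseline you recorded while you trusted the network and flags any access point that uses a known name but an unknown hardware address (BSSID) or weaker security. All network names, addresses and scan rows are constructed sample data.

```python
# Added example: flag possible evil twins in a list of Wi-Fi scan results.
# Every SSID, BSSID and scan row below is constructed sample data.

# Baseline recorded while the network was trusted:
# SSID -> (set of known BSSIDs in lowercase, expected security type)
KNOWN = {
    "HomeNet": ({"00:11:22:33:44:55"}, "WPA"),
    "CafeWiFi": ({"66:77:88:99:aa:bb", "66:77:88:99:aa:bc"}, "WPA"),
}

# Constructed scan results: (SSID, BSSID, security type)
SCAN = [
    ("HomeNet", "00:11:22:33:44:55", "WPA"),   # matches the baseline
    ("CafeWiFi", "66:77:88:99:AA:BB", "WPA"),  # matches (case differs only)
    ("CafeWiFi", "02:de:ad:be:ef:01", "OPEN"), # same name, unknown radio, no encryption
    ("HomeNet", "02:de:ad:be:ef:02", "WPA"),   # same name, unknown radio
    ("Neighbor", "aa:bb:cc:dd:ee:ff", "WEP"),  # no baseline, cannot be judged
]


def find_evil_twins(scan, known):
    """Return (ssid, bssid, reasons) for entries that reuse a known SSID
    but do not match what was recorded for it."""
    findings = []
    for ssid, bssid, security in scan:
        if ssid not in known:
            continue  # only networks with a baseline can be compared
        trusted_bssids, expected_security = known[ssid]
        reasons = []
        if bssid.lower() not in trusted_bssids:
            reasons.append("unknown BSSID")
        if security.upper() != expected_security:
            reasons.append(f"security is {security}, expected {expected_security}")
        if reasons:
            findings.append((ssid, bssid.lower(), reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twins(SCAN, KNOWN):
        print(f"WARNING {ssid} ({bssid}): " + "; ".join(reasons))
```

A BSSID can itself be copied, so a clean result does not prove a network is genuine; the check only catches twins that differ in hardware address or security settings.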

There are still many security products under development, so keep yourself up-to-date, read my blog, and...

Be aware and paranoid ;)