“Evil Twin” allows hackers to phish for wireless data

By

Hackers are setting up fake wireless base stations and websites to trick laptop users into giving out sensitive information according to a cyber-crime expert.

The hotspots, known as "evil twins" can be set up quite easily by a criminal and jam the signal of authorized base stations. Once a user has logged onto an "evil twin" their data can be intercepted.


The warning came from Dr Phil Nobles, lecturer at Cranfield University's department of Information Systems in the UK. He said criminals could easily set up a fake hotspot with nothing more than a wireless-enabled laptop and some webserver software downloaded from the internet.

"Cyber criminals don't have to be that clever to carry out such an attack," he warned. He said criminals would have a cache of fake banking websites to garner sensitive data from unwitting hotspot users. Users entering usernames and passwords into the fake websites would receive an invalid password prompt. The criminal would then be able to use the information to steal money from the user.

"It is difficult to defend against these forms of attack," said Nobles. "Users need to look closely at any digital certificates to ensure their authenticity."

Nobles could offer only anecdotal evidence of such attacks taking place, but urged people totake extra care when using hotspots.

Dr. Nobles was due to demonstrate the technique at a talk at London's Science Museum Dana Centre tonight (Thursday January 20).

www.danacentre.org.uk

www.cranfield.ac.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Greater Western Water's billing system data issues laid bare

Greater Western Water's billing system data issues laid bare

Microsoft plans full quantum-resistant cryptography transition by 2033

Microsoft plans full quantum-resistant cryptography transition by 2033

Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors

Log In

  |  Forgot your password?