IT managers are really starting to worry about hackers using fake hotspots known as "evil twins" to prey on their mobile workers, if Spencer Parker's clients are any indication.
"I'm hearing from a number of enterprise customers that these kinds of threats are picking up," said Parker, product line manager of mobile products for Alpharetta, Ga.-based wireless security firm AirDefense. "They're really scared about this because of their growing mobile workforces. The ability to simulate a hot spot allows an attacker to intercept all the traffic he wants, including online banking and things like that. None one of your information is safe, and it's very simple for an attacker to do this."
Evil twin attacks are similar to phishing scams. While phishing attacks come as legitimate-looking messages from banks and other organizations that trick users into clicking a malicious link, evil twins pose as legitimate hotspots. Users latch onto these unauthorized access points -- which overpower real hotspots -- and leave themselves open to an online mugging, Parker said.
"There's a common misconception that if your IT department puts a personal firewall and AV on laptops and makes people use a VPN, you're protected," Parker said. "Those are great protections, but there's one big problem: Firewalls today aren't designed to look at wireless headers of the packets they inspect. So these types of man-in-the middle attacks go undetected. It's invisible to the firewall."
While he recommends IT administrators consider security devices like those his company produces, Parker said they should also, if possible, use tools that incorporate the 802.1x authentication protocol. "A hacker can't get past that strong an authentication," he said of 802.1x.