Beware of your hotspot's 'evil twin'

IT managers are increasingly worried about hackers preying on remote employees using simulated hot spots, one expert says.

IT managers are really starting to worry about hackers using fake hotspots known as "evil twins" to prey on their...

mobile workers, if Spencer Parker's clients are any indication.

"I'm hearing from a number of enterprise customers that these kinds of threats are picking up," said Parker, product line manager of mobile products for Alpharetta, Ga.-based wireless security firm AirDefense. "They're really scared about this because of their growing mobile workforces. The ability to simulate a hot spot allows an attacker to intercept all the traffic he wants, including online banking and things like that. None one of your information is safe, and it's very simple for an attacker to do this."

Evil twin attacks are similar to phishing scams. While phishing attacks come as legitimate-looking messages from banks and other organizations that trick users into clicking a malicious link, evil twins pose as legitimate hotspots. Users latch onto these unauthorized access points -- which overpower real hotspots -- and leave themselves open to an online mugging, Parker said.

"There's a common misconception that if your IT department puts a personal firewall and AV on laptops and makes people use a VPN, you're protected," Parker said. "Those are great protections, but there's one big problem: Firewalls today aren't designed to look at wireless headers of the packets they inspect. So these types of man-in-the middle attacks go undetected. It's invisible to the firewall."

While wireless products and security measures are continually becoming more advanced, so is the technology hackers use to compromise that security, he said, adding, "The spread of these attacks is directly linked to the lack of education and information about wireless LAN security and threats."

While he recommends IT administrators consider security devices like those his company produces, Parker said they should also, if possible, use tools that incorporate the 802.1x authentication protocol. "A hacker can't get past that strong an authentication," he said of 802.1x.

Dig Deeper on Security Resources



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: