An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge.Content Continues Below
An attacker can easily create an evil twin with a smartphone or other Internet-capable device and some easily-available software. The attacker positions himself in the vicinity of a legitimate hot spot and lets his device discover what service set identifier (name) and radio frequency the legitimate access point uses. He then sends out his own radio signal, using the same name as the legitimate access point.
To the end-user, the evil twin looks like a hot spot with a very strong signal; that's because the attacker has not only used the same network name and settings as the "good twin" he is impersonating, he has also physically positioned himself near the end-user so that his signal is likely to be the strongest within range. If the end-user is tempted by the strong signal and connects manually to the evil twin to access the Internet, or if the end-user's computer automatically chooses that connection because it is running in promiscuous mode, the evil twin becomes the end-user's Internet access point, giving the attacker the ability to intercept sensitive data such as passwords or credit card information.
Evil twins are not a new phenomenon in wireless transmission. Historically they have been called base station clones or honeypots. What's different now is that more businesses and consumers are using wireless devices in public places and it's easier than ever for someone who doesn't have any technical expertise to create an evil twin. To avoid evil twin network connections, end users should only use public hot spots for Web browsing and refrain from online shopping or banking. To protect corporate data, employees who use wireless devices should always connect to the Internet through a VPN.