evil twin

An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge.

An attacker can easily create an evil twin with a smartphone or other Internet-capable device and some easily-available software. The attacker positions himself in the vicinity of a legitimate hot spot and lets his device discover what service set identifier (name) and radio frequency the legitimate access point uses. He then sends out his own radio signal, using the same name as the legitimate access point.

Content Continues Below

To the end-user, the evil twin looks like a hot spot with a very strong signal; that's because the attacker has not only used the same network name and settings as the "good twin" he is impersonating, he has also physically positioned himself near the end-user so that his signal is likely to be the strongest within range. If the end-user is tempted by the strong signal and connects manually to the evil twin to access the Internet, or if the end-user's computer automatically chooses that connection because it is running in promiscuous mode, the evil twin becomes the end-user's Internet access point, giving the attacker the ability to intercept sensitive data such as passwords or credit card information.

Evil twins are not a new phenomenon in wireless transmission. Historically they have been called base station clones or honeypots. What's different now is that more businesses and consumers are using wireless devices in public places and it's easier than ever for someone who doesn't have any technical expertise to create an evil twin. To avoid evil twin network connections, end users should only use public hot spots for Web browsing and refrain from online shopping or banking. To protect corporate data, employees who use wireless devices should always connect to the Internet through a VPN.

This was last updated in April 2015

Continue Reading About evil twin

Dig Deeper on Hacker tools and techniques: Underground hacking sites

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Is it ever safe to use a public hotspot?
Depends on what is meant by "safe". Technically it's probably never completely safe, and if you want to protect yourself completely, you're better off staying away from public hotspots. But I'd think there are scenarios where you can have a reasonable expectation of security. Maybe that's wishful thinking, as I appreciate the convenience factor. 
Since I don't keep much personal information on my phone, and since I don't access sites I want to keep 'secure' (bank, credit, etc) over public hot spots or even using mobile browsers, I don't worry about them too much. I suppose when I start reading reports about people using plain old phone info to do terrible things to peoples' lives, I'll worry about it more, but at the moment the risk seems trivial.
Much of this depends on the way that you use your phone/mobile device and what your focus is when you are on WiFi. Me personally, I will leverage WiFi to download email, transfer files, etc. so I can view those things locally. Other than that, I'll just use my Cellular network for anything else.
Not always... It is better to use a hotspot that has WEP encryption or to use a proxy.