News Stay informed about the latest enterprise technology news and product updates.

Beware of your hotspot's 'evil twin'

IT managers are increasingly worried about hackers preying on remote employees using simulated hot spots, one expert says.

IT managers are really starting to worry about hackers using fake hotspots known as "evil twins" to prey on their...

mobile workers, if Spencer Parker's clients are any indication.

"I'm hearing from a number of enterprise customers that these kinds of threats are picking up," said Parker, product line manager of mobile products for Alpharetta, Ga.-based wireless security firm AirDefense. "They're really scared about this because of their growing mobile workforces. The ability to simulate a hot spot allows an attacker to intercept all the traffic he wants, including online banking and things like that. None one of your information is safe, and it's very simple for an attacker to do this."

Evil twin attacks are similar to phishing scams. While phishing attacks come as legitimate-looking messages from banks and other organizations that trick users into clicking a malicious link, evil twins pose as legitimate hotspots. Users latch onto these unauthorized access points -- which overpower real hotspots -- and leave themselves open to an online mugging, Parker said.

"There's a common misconception that if your IT department puts a personal firewall and AV on laptops and makes people use a VPN, you're protected," Parker said. "Those are great protections, but there's one big problem: Firewalls today aren't designed to look at wireless headers of the packets they inspect. So these types of man-in-the middle attacks go undetected. It's invisible to the firewall."

While wireless products and security measures are continually becoming more advanced, so is the technology hackers use to compromise that security, he said, adding, "The spread of these attacks is directly linked to the lack of education and information about wireless LAN security and threats."

While he recommends IT administrators consider security devices like those his company produces, Parker said they should also, if possible, use tools that incorporate the 802.1x authentication protocol. "A hacker can't get past that strong an authentication," he said of 802.1x.

Dig Deeper on Information security policies, procedures and guidelines

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Wow, this is still a problem today.  I've been at restaurants where a slightly misspelled router looks like the one that belongs int he restaurant.  makes me happy I have data plans for my cell phones.
That’s one benefit to using vendor-specific hotspots, such as those implemented by AT&T or Comcast, rather than an open Wi-Fi hotspot setup by some barista with a minimum of technology skills. Still, it doesn’t mean that a user won’t connect to an evil twin, only that they are less likely to do so.