Evil twin (wireless networks)

Web Design & Development Guide

Evil twin (wireless networks)


Evil Twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers. [1]

This type of Evil Twin Attack may be used by a hacker to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent Web site and luring people there.[2]

A rogue Wi-Fi connection can be set up on a laptop with a bit of simple programming and a special USB (Universal Serial Bus) thumb drive that acts as an access point. The access points are hard to trace, since they can suddenly be shut off, and are easy to build. A hacker can make their own wireless networks that appear to be legitimate by simply giving their access point a similar name to the Wi-Fi network on the premises. Since the hacker may be physically closer to the victim than the real access point, their signal will be stronger, potentially drawing more victims. The hacker's computer can be configured to pass the person through to the legitimate access point while monitoring the traffic of the victim, or it can simply say the system is temporarily unavailable after obtaining a user id and password.[3]

Several free programs available on the Internet can decode packets to reveal clear-text logins and passwords. Using an Evil Twin attack a hacker is able to harvest Web applications such as email that could send passwords in clear text.

One way that Corporate users can protect themselves from an Evil Twin attack is by using VPN (virtual private network) when logging into company servers. They can also ask the wireless provider to provide the SSID, which is the exact name of the wireless network.They should not send sensitive information such as bank account information or corporate user ids and passwords over a wireless network.[4]

Hackers typically setup Evil twin attacks near free hotspots, such as airports, cafes, hotels or libraries[5]


  1. ^ "Strange Wi-Fi spots may harbor hackers: ID thieves may lurk behind a hot spot with a friendly name." Andrew D. Smith. The Dallas Morning News. Knight Ridder Tribune Business News. Washington: May 9, 2007. pg. 1 Source type: Wire Feed ProQuest document ID: 1267536891 Text Word Count 766 Document URL: [1] (subscription). Retrieved June 6, 2007
  2. ^ "Security Watch. Daniel Wolfe. American Banker. New York, N.Y.: Feb 14, 2007. Vol.172, Iss. 31; pg. 7. (A security firm used an Evil Twin as a test to obtain passwords from attendees at RSA security conference). Source type: Newspaper ISSN: 00027561 ProQuest document ID: 1219496681 Text Word Count 1097 Document URL: [2] (subscription). Retrieved June 6, 2007
  3. ^ "Computer Column." Craig Crossman. Knight Ridder Tribune Business News. Washington: Aug 24, 2005. pg. 1. Source type: Wire Feed ProQuest document ID: 886418531 Text Word Count 761 Document URL: [3] (Subscription). retrieved June 6, 2007
  4. ^ Attorney General Madigan warns computer users about 'Evil twin' attacks at wireless hotspots. US Fed News Service, Including US State News. Washington, D.C.: Jan 17, 2006. News release by Illinois Attorney General. Source type: Wire Feed ProQuest document ID: 975720601 Text Word Count 471 Document URL: [4] (Subscription). retrieved June 6, 2007.
  5. ^ Access Without Authentification: how and why we let anyone surf our wireless."Donna Watkins. Computers in Libraries. Westport: Mar 2006. Vol.26, Iss. 3; pg. 10, 5 pgs. Source type: Periodical ISSN: 10417915 ProQuest document ID: 1000365471 Text Word Count 2618 Document URL: [5] (subscription). retrieved June 6, 2007
  • Jeremy Kirk, 'Evil twin' Hotspots Proliferate', IDG News Service, Apr 25, 2007


Browser exploit
Cross-site cooking
Cross-site request forgery
Cross-site scripting
Cross-zone scripting
Directory traversal
Evil twin (wireless networks)
HTTP response splitting
IDN homograph attack
Referer spoofing
Session fixation
Session poisoning
Website spoofing

Page created in 0.025651 Seconds