• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Dear Journal and the Evil Twin Access Point

May 30, 2018 By Milena Babayev

dear-journal-evil-twin-access-point
Dear Journal,

It’s 7 o’clock in the morning and I don’t know about you, but I slept like a baby last night, and I didn’t even need Melatonin. Fully charged (no pun intended), I’m ready to rock-’n’-roll today and take a ride on the red double-decker bus. I’ve waited my entire life for this, it’s a UK icon. London buses were not always red. Before 1907, different routes had different-colored buses. Who knew?!

While we’re waiting for my owner to get ready and he sure is taking his time – COME ON BUDDY, the socks that you’re wearing now are JUST FINE – here are some other fun facts, but this time around wireless security:

  1. Did you know that 94% of travelers cite Wi-Fi as the most important amenity? My traveling companion is also probably part of the 75% of people that say one week without Wi-Fi would leave them grumpier that one week without coffee.
  2. How did people live without Wi-Fi before? Wi-Fi was only first ratified by the IEEE in 1997 with the 802.11 standard and products were released to the general public by 1999. The 802.11 standard lead to the creation of billions of Wi-Fi enabled devices.

Oops, got a little carried away and didn’t realize that we just arrived at our destination and of course, my owner immediately joins a wireless network at one of the best coffee shops in London, called the AMT Coffee. From the research that we did before coming here, it’s surprisingly hip. As he takes a sip of their rocket-fuel strong espresso, he does the usual – checks his emails, reads CNN, and then I see the guy next to us typing www.bankofamer… and I’m about to lose my cool. Online banking on an open network? In a random coffee shop? Is he crazy?! This is a big NO. There are data thieves everywhere. And one big red flag that I noticed right away, because I’m a Wi-Fi Ninja, is that it’s not really their access point (AP) that he connected to. Oh boy!

When you connect to an evil twin access point that impersonates the real AP’s Wi-Fi network name and unique hardware address, it puts users like him at risk of losing private documents that may contain highly sensitive information – like bank information – to cyber thieves who opportunistically intercept data being sent through the network.

Before this guy does any more damage, his lunch companions arrive to save the day. Tomorrow, we’re off to Spain. Download A Field Guide to Secure Wi-Fi–Observations From Your Laptop eBook and see what Wi-Fi trouble my owner gets into next. 

Until next time,

Mac

Share This:

Related

Filed Under: Editorial Articles, Featured Tagged With: public wifi, secure wi-fi cloud, secure wifi, small business, small business wi-fi, small business wireless, WIPS, wireless intrusion prevention system

Comments

  1. Fazal Majid says

    May 30, 2018 at 8:52 am

    It’s perfectly fine to do online banking from an unsecured WiFi access point, since those are protected by SSL/TLS.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • Naming APTs

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use