Dropsafe

by Alec Muffett

‘Evil twin’ fear for wireless net

Bah! My colleague Rob, and I, set one of these up at USENIX Security in Washington DC, a couple of years ago; two Apple laptops and a piece of Cat-5. Easy…

[news.bbc.co.uk]

‘Evil twin’ fear for wireless net

People using wireless high-speed net (wi-fi) are being warned about fake hotspots, or access points.

The latest threat, nicknamed evil twins, pose as real hotspots but are actually unauthorised base stations, say Cranfield University experts.

Once logged onto an Evil Twin, sensitive data can be intercepted.

Comments

6 responses to “‘Evil twin’ fear for wireless net”

  1. acb
    re: ‘Evil twin’ fear for wireless net

    How exactly do you make a computer look like a base station and not another computer (i.e., ad hoc networking)? What’s the actual difference between a base station and a computer from a WiFi client’s point of view?

    Reply
  2. Chris Samuel
    re: ‘Evil twin’ fear for wireless net

    There are two ways wireless networks work, one called Infrastructure mode (aka BSS – Basic Service Set) and the other called Ad-Hoc mode (aka IBSS – Independant Basic Service Set).

    In Infrastructure mode you associate with an AP and send frames to that AP, it then decides on who else needs to get them and rebroadcasts them if necessary. This way you can talk via Wireless to another system via the AP that you would not otherwise be able to see because of obstructions or distance problems.

    In ad-hoc mode you do without the AP and negotiate and communicate directly with other peers (hence sometimes called peer-to-peer mode).

    Now certain retail cards firmware supports running the card in what’s called HostAP mode where the 802.11 management functions are passed onto the host to deal with (to me this sounds like how a lot of AP’s would actually be built).

    There is a Linux driver for this mode for Intersil Prism2/2.5/3 cards available from: hostap.epitest.fi

    There’s also some useful WiFi info at (ignore the last entry): http://www.sandisk.com/consumer/download/connectplus/Information/WirelessNetwork.htm

    cheers!

    Chris (who loves playing with WiFi gear, a frustrated never-quite-made-it-to-ham-radio geek)

    Reply
  3. alecm
    re: ‘Evil twin’ fear for wireless net

    in apple terms:

    1) connect two laptops, A and B

    2) on A, “Create Wifi Network” named “Hotspot” or whatever the local network is called, then “Share Ethernet connection with Wifi Network”

    3) on B, Subscribe to the *real* “Hotspot” wireless network, and then “Share Wifi connection with Ethernet Network”

    4) tcpdump the Ethernet network

    There are pros and cons of doing this, this way, but they’re fairly obvious.

    Reply
  4. acb
    re: ‘Evil twin’ fear for wireless net

    And does a Mac running in this mode appear (to connecting machines) to be a base station, or just another computer?

    Reply
  5. alecm
    re: ‘Evil twin’ fear for wireless net

    when you use the Mac to “share ethernet connection with wireless” it kicks the wireless conection into Managed, rather than Ad-Hoc mode, so yes it does appear to be a base station and mediate matters as-would a dedicated base station

    Reply
  6. alecm
    re: ‘Evil twin’ fear for wireless net

    plus it sets-up a DHCP server, too.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts