25 Feb, 2021

Evil Twin Attack

In today's technology world, wireless networks appear in every moment of our lives. Unlike wired networks, it has advantages such as lower cost and high availability. Of course, when it comes to security, cyber attackers do not hold back. Cyber ​​attackers carry out an attack called Evil Twin Attack on the wireless network. In this article, we try to summarize what Evil Twin Attack is and how it is performed.

What is Evil Twin Attack ?

The Evil Twin attack is basically a MITM (Man in the Middle) attack, that is, the attacker comes between the targeted person and the modem. In order to carry out this attack, the attacker pretends to be a modem spreading the internet and applies a Deauth Attack (which is a user's network disconnection attack) to the real modem. The attacker steps in when the real modem is unable to transmit its internet service due to the Deauth attack.

How to Perform an Evil Twin Attack?

Cyber ​​attackers may have different motivations and goals to carry out an evil twin attack. The attacker can attack to obtain private data such as the victim's ID number and phone number, or they can use this attack method to hijack the victim's network traffic and extract sensitive data from this traffic.

Scenarios for the capture of critical information with the Evil Twin attack

Scenario 1: Obtaining Personal Information over Restaurant WiFi Networks

When we want to connect to the internet in a restaurant, we often come across a login page that asks for various information. This portal has a generic name and it is called Captive Portal. The reason for using Captive Portal is to add an additional verification factor to make internet use more secure. Attackers, on the other hand, create a Fake Captive Portal and provide phone number, T.C. can obtain our personal data by requesting critical data such as identification number, mother's maiden name. In general, the methods followed by the attackers;

⦁ Creates a free WiFi network server in a restaurant using the restaurant's name.
⦁ The victim who comes to the restaurant wants to connect to the network, sends a connection request to the network published by the attacker.
⦁ A Captive Portal screen appears in front of the target. This portal can ask for the information the attacker wants. (Telephone number, TR ID number …)
⦁ The target enters the requested information and sends the connection request, and as soon as it sends the connection request, the information requested by the attacker reaches his hand.

Scenario 2: Obtaining the Password of Home or Business WiFi Networks

An attacker can try to obtain the password of the WiFi network at home or at work. Thus, it can log into the network with the obtained WiFi network password and perform different and special in-network attacks. In general terms, the steps followed by an attacker;

⦁ He could not obtain the password of the wireless network by brute force attack, so he wanted to apply Evil Twin management.
⦁ Creates a fake password-free wireless network with the same name as the WiFi network, with stronger signal.
⦁ The attacker applies a Deauth attack to the network. Thus, the victim cannot gain access to the modem. At the end of this break, the victim goes to the WiFi section from the settings section and sees the attacker's WiFi network with the same name. The victim does not realize this and naturally tries to connect to the network that he thinks is correct.
⦁ When connecting to the network, the victim is prompted for the network password. If the victim is an unconscious user, they want to type the password and connect.
⦁ As a result of this attack, the attacker obtains the password of the modem.

Awareness Tip : If you entered the password once when connecting to a wireless network for the first time and did not say "forget this network" afterwards, the system will not prompt you to re-enter the same password.

Source:

en.wikipedia.org

rootsh3ll.com


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram