The introduction of telework has increased opportunities to work outside the company or home. With tethering on your smartphone, you can connect to the Internet anywhere. However, if you want to reduce communication charges, or if you are in a state of “insufficient giga” where the remaining data communication frame is insufficient, you will want to use public Wi-Fi. However, free services have their fears because they are free.
For example, the free public Wi-Fi available in hotel lobbies has the “SSID” and “password” required for connection posted, or the staff can easily tell you if you ask. Passwords are sometimes called “passphrases” or “security keys.” More precisely, it is called a “pre-shared key”.
This allows an attacker to set up an access point with exactly the same SSID and password as the legitimate service. This attack is sometimes called the “devil’s twin attack”. What are the dangers of this attack? I tried it.
You are connected to a fake access point
First, let’s take a look at the access point settings screen. The settings are very simple. If you know the SSID and password of a legitimate service such as a hotel, you can set up a fake access point just by entering it.
Access points generally don’t complain if the SSID overlaps with one already installed. Such settings are possible.
