
Why public Wi-Fi services are dangerous: beware of the “devil’s twin attack”

The introduction of telework has increased opportunities to work outside the company or home. With tethering on your smartphone, you can connect to the Internet anywhere. However, if you want to keep communication charges down, or if you are in a state of “insufficient giga,” where your remaining mobile data allowance is running out, you will want to use public Wi-Fi. But free services carry their own risks precisely because they are free.

For example, the free public Wi-Fi available in hotel lobbies has the “SSID” and “password” required for connection posted on display, or the staff will readily tell you if you ask. The password is sometimes called a “passphrase” or “security key.” More precisely, it is a “pre-shared key.”

Because these values are available to anyone, an attacker can set up an access point with exactly the same SSID and password as the legitimate service. This attack is sometimes called the “devil’s twin attack.” What are the dangers of this attack? I tried it out.

The experiment used the Wi-Fi router in the back as the legitimate access point and the access point in front as the attacker’s access point.
(Source: Suguru Kasubuchi)

You are connected to a fake access point

First, let’s take a look at the access point settings screen. The settings are very simple. If you know the SSID and password of a legitimate service, such as a hotel’s, you can set up a fake access point just by entering them.

Access points generally do not complain if their SSID duplicates that of an access point that is already installed, so such a configuration is accepted as-is.
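Because the SSID and pre-shared key are identical, a client cannot tell the two access points apart, so detection has to come from the operator comparing what is on the air with what it actually installed. The following is an added example, not part of the original article: it checks a Wi-Fi scan against an inventory of the operator's own access points. The SSIDs, BSSIDs, channels and the `INVENTORY` table are constructed for illustration, and the input is assumed to be the terse output of `nmcli`.

```python
# Constructed sample in the terse format of
#   nmcli -t -f SSID,BSSID,CHAN,SIGNAL,SECURITY device wifi list
# (fields separated by ':'; a literal ':' or '\' inside a value is escaped with '\').
SAMPLE_SCAN = r"""
HotelGuest:02\:00\:00\:AA\:00\:01:1:62:WPA2
HotelGuest:02\:00\:00\:AA\:00\:02:6:48:WPA2
HotelGuest:02\:00\:00\:EE\:00\:99:6:91:WPA2
HotelGuest:02\:00\:00\:AA\:00\:01:11:85:WPA2
CafeNet:02\:00\:00\:BB\:00\:07:36:40:WPA2
"""

# Hypothetical operator inventory: SSID -> {BSSID: expected channel}.
INVENTORY = {"HotelGuest": {"02:00:00:AA:00:01": 1, "02:00:00:AA:00:02": 6}}

def split_terse(line):
    """Split one terse line on unescaped ':' and undo the backslash escaping."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur, i = cur + line[i + 1], i + 2
        elif line[i] == ":":
            fields, cur, i = fields + [cur], "", i + 1
        else:
            cur, i = cur + line[i], i + 1
    return fields + [cur]

def find_suspects(scan_text, inventory):
    """Return sorted (ssid, bssid, channel, reason) for access points that
    advertise a managed SSID but do not match the operator's inventory."""
    suspects = []
    for line in scan_text.strip().splitlines():
        fields = split_terse(line)
        if len(fields) < 5 or fields[0] not in inventory:
            continue  # malformed line, hidden SSID, or an SSID we do not manage
        ssid, bssid, chan = fields[0], fields[1].upper(), int(fields[2])
        known = inventory[ssid]
        if bssid not in known:
            suspects.append((ssid, bssid, chan, "unknown BSSID"))
        elif known[bssid] != chan:
            # A BSSID can be copied too, so a known one on the wrong channel is also flagged.
            suspects.append((ssid, bssid, chan, "known BSSID on unexpected channel"))
    return sorted(suspects)

if __name__ == "__main__":
    for suspect in find_suspects(SAMPLE_SCAN, INVENTORY):
        print(suspect)
```

Several BSSIDs sharing one SSID is normal in a multi-access-point deployment, which is why the check compares against an inventory instead of flagging every duplicate SSID.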
