This Twenty-Year Old Hack Still Beats Most Wi-Fi Access Points – And Here’s Why

Wi-Fi is the most popular wireless networking protocol in the world and has existed for almost 20 years, but in that time, the layer two surface has remained largely undefended from many wireless attacks. Our Director of Product Management and resident Wi-Fi expert Ryan Orsi recently wrote a guest blog for Dark Reading, which explains how Wi-Fi security is lagging across the wireless industry and digs into the details of one particularly dangerous Wi-Fi threat – the Evil Twin AP. 

The Evil Twin AP works by using 802.11 radios to broadcast the same SSIDs as legitimate Wi-Fi access points, tricking victims’ devices into associating with the attacker’s device instead of the intended AP. Once a device has associated, the victim’s traffic flows through the attacker’s AP, where the attacker can manipulate or spy on the victim’s internet activities. Here’s an excerpt from Ryan’s article about the consequences of this attack:

“This entire process is used to allow attackers to establish MitM positions from which they can siphon packets and inject malware or backdoors onto victim devices for remote access. Once in a MitM position, the attacker has complete control over the Wi-Fi session. These cybercriminals can leverage well-known tools to duplicate popular login forms for social sites or email hosting platforms, intercept the credentials in plain text, forward them to the real websites, and log in the user. As the target, you might believe you’ve simply logged in to your email account as always — but in reality, you have handed your credentials over to an attacker.”

The Evil Twin is widely known in hacking communities and it’s very effective. In fact, the US Department of Justice recently charged agents from the Russian military hacking group GRU with using an Evil Twin attack to steal credentials and force malware onto targets like anti-doping organizations and chemical testing labs.

So how do you prevent this kind of attack? As an individual, you can use a Virtual Private Network (VPN) while connected to Wi-Fi in order to conceal your traffic from an Evil Twin attack. Businesses should use Wi-Fi solutions that leverage Wireless Intrusion Prevention System (WIPS) capabilities to detect and prevent wireless attacks, but be aware that these products vary widely in their effectiveness. As a matter of fact, according to a recent Miercom test of APs from major networking vendors, only WatchGuard’s Secure Wi-Fi access points proved capable of automatically detecting and preventing every known Wi-Fi threat category.
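Because an Evil Twin has to advertise an SSID you already operate, one basic detection check is to compare observed beacons against an inventory of your own APs. The sketch below is an added example, not WatchGuard's WIPS logic or code from the original article; the SSID, MAC addresses, channel plan and scan records are constructed, and it assumes a fixed channel per AP.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the advertising radio
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "OPEN"

# Constructed inventory: managed SSID -> expected security and {BSSID: channel}
AUTHORIZED = {
    "CorpWiFi": {
        "security": "WPA2-Enterprise",
        "aps": {"02:00:00:aa:bb:01": 36, "02:00:00:aa:bb:02": 149},
    },
}

def find_evil_twin_candidates(beacons, authorized=AUTHORIZED):
    """Return (bssid, reason) findings for beacons that advertise a
    managed SSID but do not match the AP inventory."""
    findings = []
    for b in beacons:
        policy = authorized.get(b.ssid)
        if policy is None:
            continue  # not an SSID we operate, so out of scope
        bssid = b.bssid.lower()
        if bssid not in policy["aps"]:
            findings.append((bssid, "unknown BSSID advertising managed SSID"))
        elif b.channel != policy["aps"][bssid]:
            # An inventory MAC heard on the wrong channel may be a cloned BSSID
            findings.append((bssid, "known BSSID on unexpected channel"))
        if b.security != policy["security"]:
            findings.append((bssid, "security setting differs from policy"))
    return findings

# Constructed scan results
SCAN = [
    Beacon("CorpWiFi", "02:00:00:aa:bb:01", 36, "WPA2-Enterprise"),  # legitimate
    Beacon("CorpWiFi", "02:00:00:CC:DD:09", 6, "OPEN"),              # unknown radio, open
    Beacon("CorpWiFi", "02:00:00:aa:bb:02", 11, "WPA2-Enterprise"),  # wrong channel
    Beacon("CoffeeShop", "02:00:00:ee:ff:10", 1, "OPEN"),            # neighbor, ignored
]

if __name__ == "__main__":
    for bssid, reason in find_evil_twin_candidates(SCAN):
        print(f"{bssid}: {reason}")
```

A BSSID allowlist alone is not sufficient, since MAC addresses can be copied; the channel and security comparisons catch some of those cases, and networks that use automatic channel selection would need the channel check relaxed.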

This is part of a larger issue with security in the Wi-Fi industry. Most of the R&D in the past several years has gone toward improving the range, throughput and connectivity of APs, while security has been neglected. That’s why WatchGuard developed the Trusted Wireless Environment Framework, a guide to building complete Wi-Fi networks that are fast, easy to manage, and most importantly, secure. Without more education on what Wi-Fi security threats exist and how to design networks that protect against them, threats like the Evil Twin attack will persist.  

To learn more about the Evil Twin attack, read Ryan’s full article in Dark Reading. You can find out more about Wi-Fi security here on Secplicity, and watch our video demo of an Evil Twin AP here.

You Have 99 Problems; Securing Your Wi-Fi Should NOT Be One of Them

Prepare to be amazed in the Putting the “Why” in Wi-Fi Security webinar.

With Wi-Fi vulnerabilities like the “Evil Twin” access point making global headlines, it’s not just about Wi-Fi connectivity anymore—security needs to come first. Wi-Fi security is a complicated technology area, and security-related messaging coming from many vendors creates more confusion than clarity. To remedy this industry challenge, WatchGuard has introduced the Trusted Wireless Environment Framework for building a complete Wi-Fi solution that is fast, easy to manage, and most importantly, secure—automatically blocking attacks coming from the six known Wi-Fi threat categories.

In this webinar, Ryan Orsi, Director of Product Management at WatchGuard, and Miercom CEO Robert Smithers uncover what it takes to test the security efficacy of Wi-Fi access points. You’ll hear first-hand from Robert about how WatchGuard’s Wi-Fi stacks up against the other AP vendors: Cisco Meraki, Aruba, and Ruckus.

In the meantime, download the Wi-Fi Security report for a sneak peek at the test results, and ask your IT colleagues or service providers to make sure that your Wi-Fi network meets the security standards defined by the Trusted Wireless Environment Framework.

Russian Wi-Fi Hackers – Daily Security Byte

Last week, Dutch authorities found Russian spies allegedly trying to man-in-the-middle (MitM) the Wi-Fi network of the Organization for the Prohibition of Chemical Weapons in The Hague. Authorities claim the GRU was also found doing similar attacks against anti-doping agencies around the world. Turns out, these nation-state attackers still use off-the-shelf hacking tools like the Wi-Fi Pineapple, and use classic wireless attack techniques like the Evil Twin attack. Watch today’s video to learn more about these allegations, the Evil Twin attack, and what you can do to protect yourself from this type of wireless assault.

Episode Runtime: 3:44

Corey Nachreiner, CISSP (@SecAdept)