Watch out for Wi-Fi's 'evil twin'

| Tuesday, February 08, 2005

Worried about Starbucks taking over the world? Don’t. What you really need to worry about is its evil twin.

The dreaded “evil twin attack” is the latest in a long line of maladies that can afflict your computer. Experts say it can occur at virtually any hot spot where you use Wi-Fi to access the Web.

Here’s how it works: You pull up to your favorite truck stop – or Starbucks or any other location offering high-speed wireless Web access – pull out the lap top and hook up to the Internet.

What you don’t know is that someone nearby – perhaps in the building next to your favorite truck stop – has set up another hot spot, overlapping the truck stop’s. That sneaky someone sets up their hot spot to look and act like the truck stop’s.

Christopher W. Klaus of Internet Security Systems says the evil twin hot spot will typically use a stronger signal than the legit base station, causing the poor trucker to unknowingly hook into the wrong system.

Once you’re connected, the “evil twin” can watch and record everything you do – including typing in passwords, credit card or Social Security numbers.

Because the fraudulent hot spot mirrors the real one, computer geeks have named this particular type of attack “evil twin.”

“The ‘evil twin attack’ is an example of the increasing sophistication of wireless attacks,” Richard Rushing of AirDefense, an Alpharetta, GA-based computer security firm, said in a news release. “People are lulled into a false sense of security with personal firewalls.”

However, don’t worry – the chances that you’ll be the victim of an “evil twin” are not very big, says Robert Vamosi, a writer with technology Web site CNet.

Despite that, you should take steps to protect your computer. A personal firewall is a good start, but you should do more.

Vamosi recommends using Wired Equivalent Privacy encryption or the new Wi-Fi Protected Access standard. You can buy Trend Micro PC-cillin Internet Security 2005 to monitor your wireless connections. And Rushing’s company, AirDefense, says its product is designed to protect users from “evil twin attacks” and other problems.

AirDefense also advises users to enter personal information into only those Web sites protected by SSL – the Secure Socket Layer standard.

By Mark H. Reddig, associate editor
mark_reddig@landlinemag.com 

Comments