The number of unencrypted unprotected wireless networks around is amazing, but they are not the only danger that users have to look out for. An attack method called “Evil Twin” is becoming more popular and is a reversal of the normal wireless dangers. Basically an Evil Twin attack is where someone sets up near a legitimate wireless hotspot and sets up their own wireless network and jams the original with a stronger signal (and becomes an “Evil Twin”). The result is that people connect to the malicious network unknowingly and start doing their normal stuff like online banking, E-bay and Paypal etc. While they are doing this, the malicious party is listening in to everything they do, and capturing any user names/passwords they use. Annoyingly, the equipment to do this is remarkably cheap, so it’s a practise that’s likely to get more popular before the law catches up. Read more about the Evil Twin attack at Eweek and at Cnet.
But first things first, the biggest problem with wireless at the moment, is that it has become so cheap that everyone is buying wireless routers and not studying up on the security aspects. On all wireless networks I set-up, I use WPA-PSK encryption (with the longest key permissible), hidden SID and MAC address filtering, while this doesn’t guarantee I am 100% protected, it makes me about a million times harder to compromise then an open wireless network, and it’s logical that these guys will go for the easy targets before wasting ages trying to get into my networks.
