Wireless Internet (Wi-Fi) users are at risk from a new kind of threat known as “evil twins”. Evil twins are bogus internet connections setup by fraudsters to mimi the real thing.
Wi-Fi users think they have logged into a bona fide internet provider. They then submit personal details such as bank passwords and credit card numbers through the internet connection – and straight into the hands of criminals.
Security software such as firewalls offer little protection as the user has effectively voluntarily logged into the compromised network.
“Users need to be wary of not using their wi-fi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive personal nature,” said Professor Brian Collins from Cranfield University, a former chief scientist at GCHQ, the Government´s electronic eavesdropping station.
Wi-Fi allows users to connect to the internet by sending wireless signals to nearby “hotspots” which then relay data to the local internet service provider (ISP). Fraudsters simply scan for these hotspots and then substitute them with their own identical “evil twin”.
Dr Phil Nobles, a wireless internet and cybercrime expert at Cranfield University, near Swindon, said that the evil twin hotspots present a hidden danger for web users.
“In essence, users think they´ve logged on to a wireless hotspot connection when in fact they´ve been tricked to connect to the attacker´s unauthorised base station,” he said. “The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client.
“Cybercriminals don´t have to be that clever to carry out such an attack. Because wireless networks are based on radio signals they can be easily detected by unauthorised users tuning into the same frequency.”
Dr Nobles spelled out the warning today at a wireless crime event held at the Dana Centre, the Science Museum´s forum for discussing controversial science, in London.