Fake Hot Spots Pose Serious Wi-Fi Phishing Threat

AirMagnet, the leader in wireless LAN (WLAN) security and performance solutions, addresses the "evil twin" problem that has been plaguing Wi-Fi networks for several years, but has received recent attention in the press. AirMagnet products first protected customers, such as hot spot providers and hotels, from spoofed wireless access points (APs) and similar attacks in 2002, which have recently come to be known as "evil twins."

In the "evil twin" example, a hacker sets its service identifier (SSID) to be the same as an access point at the local hot spot or coffee shop, or even a corporate wireless network. He then disrupts or disables the legitimate AP by disconnecting it, directing a denial of service against it, or creating sufficient RF interference around it with a metal or another obstacle to prevent it from communicating with nearby laptops or other devices. Users that were connected to the legitimate AP lose their connections and re-connect to the "evil twin," allowing the hacker to intercept all the traffic to that device.

"While many corporate wireless networks have security measures in place to prevent hackers from gaining access to sensitive information, users of hot spots and other public wireless networks are more at risk," said Dean Au, AirMagnet President and CEO. "The growing menace of phishing scams, and the increasing use of Wi-Fi networks for e-commerce transactions make securing these networks absolutely critical. AirMagnet customers already have the tools to locate and defeat 'evil twins' and hundreds of other Wi-Fi issues."

AirMagnet users can use remote or mobile products to identify "evil twin" and similar attacks in several different ways, at multiple stages of the process:

-- AirMagnet identifies 20 different types of denial-of-service attacks, which is most often the hacker's first move in an "evil twin" attack.

-- AirMagnet identifies multiple devices with the same MAC address, a circumstance that is a very good indication that a spoof is being attempted.

-- AirMagnet identifies rogue devices with legitimate SSIDs that do not match up with a legitimate vendor, or are on the wrong wireless channel or band.

-- AirMagnet also identifies excessive AP power cycling and configuration changes, which may indicate a failing device or tampering by a user.

-- AirMagnet also identifies APs that should be active, but have gone silent (stopped transmitting), which may be a performance malfunction, but could be an indication of foul play.

Contacts

AirMagnet
Jenny Coupe, 408-400-1290
jcoupe@airmagnet.com
or
A&R Partners (for AirMagnet)
Mary Colvig, 650-762-2820
mcolvig@arpartners.com

Related Articles

• Y-Tel Signs Agreement to Bring the First Wi-Fi Mesh Network to the Bahamas
  20 January 2005



• Largest Metro Wi-Fi Network in US Goes Live in Rio Rancho, NM
  20 January 2005



• DONOBi Enters $900 Million Wi-Fi Market
  20 January 2005



• Wi-Fi Surpasses Ethernet for Home Networking
  19 January 2005



• Lucent Worldwide to Deliver Wi-Fi solutions
  19 January 2005



• Panera Selects SAVVIS To Power Network Of Free Wi-Fi Hotspots
  18 January 2005



• Wi-Fi and Cellular Convergence Subscribers to Reach 55 Million by 2010
  18 January 2005



• Innovations From Aruba Includ First Wi-Fi VPNs for Secure Remote Access
  17 January 2005



• Broadcom HP and Linksys Make Wi-Fi Installation Easy
  9 January 2005



• Video54 Introduces Technology to Deliver Video Over Wi-Fi
  6 January 2005

Recent Issues