Question

One of the most successful attacks against wireless networks (WLAN) is the Evil Twin attack. The goal is to introduce an attacker-controlled wireless access point near the “known good” WLAN network. This access point will advertise the exact same SSID as the authorized WLAN. Wireless users may accidently connect to this malicious access point thinking it is part of their authorized network. Once the connection is established, the attacker can initiate a man-in-the-middle attack and capture or relay traffic while eavesdropping on the entire communication.

Explain the potential risk an Evil Twin attack like this this would present, not in theory, but to your own organization (company, school, etc.) and how you would go about setting up an Evil Twin attack if you were an attacker. Detail the goals, tools, process, and methodology. Use whatever research will assist you. Provide screenshots if possible to demonstrate what you are doing. They can be third party

Answer 1

Answer:

Evil Twin Attack Potential Risk:

• The Evil Twin attack itself is quiet simple, both in implementation and idea.
• The basic idea behind this type of attack is to plant an illegitimate Wireless Router with the exact same SSID as the legitimate router into the same physical network, idea beingthat people typically do not check to make sure they are connecting to the right one and would assume that duplicate network IDs are just a glitch.
• To demonstrate how easy this attack would be I will use the University of North Texas, my undergraduate Alma Mater, as an example.
• I do have to say that this example was actually used and that we did not use any data collected but instead were just trying to see if we could do this attack.

The potential risk to our school’s network was clear:

• The potential risk to our school’s network was clear: we could intercept traffic from students, specifically in the college of business, who were accessing personal or financial data and in fact we did see 2 students accessing the fidelity trading system during this attack, though the traffic was using https.
• To begin our attack, we used a raspberry pi with a skinned down version of Kali Linux to avoid detection when we left it attached to power behind a printer in the student center.
• We used a serial cable and connected straight in to the device to start aircrack, as seen below.
• 
• Once we were in observation mode we saw a few students connect to the network and selected a couple at random.
• We noticed the mac address of 00:09:5B:6F:64:1E was the mac of the actual access point and the AP’s name was EagleConnect.
• We created the fake access point using the command airbase-ng-a00:09:5B:6F:64:1E --essid "EagleConnect" -c11 mon0 based on instructions from a presentation our instructorfor “IntroductiontoInformationSecurity” had walked us through the prior semester and then, using the same source, sentade-authentication packet to both our targets.
• As expected, our 2 targets were sitting a few tables over and immediately tried connecting too ur fake network, which was in turn connected to the actual network for internet access.
• At this point we understood that we had succeeded in reproducing the Evil Twin attack but we did not proceed further. If we had gone further with this attack we could have very easily used Ethercap to inject malicious traffic and could have compromised the systems for future use. We could have also recovered usernames, passwords, and personally identifiable information from the traffic as well.

Thank you.