What is an evil twin attack?

How to identify and prevent evil twin attacks

What is an evil twin attack?

An evil twin attack is one in which a hacker sets up a fake Wi-Fi network that looks like an official access point in order to steal sensitive information from victims. Often, victims of such attacks are ordinary people like you and me.

The attack can be carried out as a man-in-the-middle (MITM) attack. The fake Wi-Fi access point is used to eavesdrop on users and steal their login credentials or other sensitive information. Because the criminal owns the access point, the victim has no indication that the criminal may be intercepting things such as bank transactions.

An evil twin access point can also be used for sensitive information theft. In this type of attack, victims connect to the evil twin and are lured to a criminal site built to steal sensitive information. It prompts them to enter their sensitive data, such as their login details. These, of course, are sent directly to the hacker. Once the hacker has obtained them, he can simply disconnect the victim and show a message that the server is temporarily unavailable.

Evil twin attack example

The most common form of evil twin attack you can find in the wild is one that uses captive portals. Many public Wi-Fi networks use web pages that require your login information before connecting you to the Internet. The purpose of this attack is to trick the victim into handing over the authentication details for a legitimate Wi-Fi network. Once the hacker has this information, he can log in to the network, take control of it, monitor unencrypted traffic, and launch another MITM attack. Let’s dig deeper into what happens in each step of the attack.

Step 1: The hacker sets up a fake wireless access point
The criminal chooses a public place with many hotspots, such as your local Starbucks or an airport. Such sites usually have multiple Wi-Fi access points with the same name. That is great if you walk around the building and don’t want to lose your connection, but it also makes the criminal's job much easier when it comes to creating a fake hotspot with the same Wi-Fi name.

Now the bad actor can use anything from a network card, tablet, or portable computer to a portable router or Wi-Fi Pineapple (if it needs more bandwidth) to create a hotspot. It’s so easy! The hacker simply sets up a hotspot that uses the same Service Set Identifier (SSID), also known as the Wi-Fi name, as the official one.

Why is this important? Because most devices are not smart enough to distinguish between an official and a fake access point if they have the same SSID. (Some hackers may even be able to clone the MAC address of a trusted network.) That’s why it’s called an evil twin!

Step 2: The Hacker Creates a False Captive Portal
If you have ever used public Wi-Fi, you may have seen a captive portal page. These pages usually ask for some basic information about you or tell you to enter a Wi-Fi login and password. The problem with captive portals is that there is no standard for what they should look like, and they are often poorly designed.

Unfortunately, if you encounter a fake one, it will send your information directly to the criminal.

Cybercriminals may skip this step if they set up an evil twin where the Wi-Fi network is open and thus does not have a captive portal. If the official Wi-Fi has a password, creating a captive portal helps the hacker to get the login details and connect to the network.

Step 3: The hacker makes the victims connect to the evil twin Wi-Fi
Now that the hacker has a hotspot and a captive portal, they need to get people to drop the official connection and connect to theirs. This can be done in two ways:
  • They create a stronger Wi-Fi signal by positioning themselves close to their victims, which causes nearby devices to connect to the evil twin automatically.
  • They kick everyone off the main network by DDoSing it or flooding it with deauthentication packets. Devices connected to the official network are disconnected, which sends users back to their Wi-Fi connection page.

Users will now see a new network with the same name, which may be marked ‘Unsecured’. This will raise alarms for security-aware users, but most people will simply dismiss it. This method may not work in an office environment, where it may arouse suspicion.

Step 4: The hacker steals the login details
If the evil twin has a fake captive portal, the user is taken straight to the login page when clicking on the new network. They will need to enter the same login details they used the first time they connected to the official network.

However, this time they send this information to the hacker. Now that the hacker has it, they can monitor the network traffic and what you are doing online. If you frequently use the same login details for all of your accounts, a hacker might use them in a credential-stuffing attack.
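The steps above leave traces a defender can look for in a Wi-Fi scan: an unknown access point using a familiar SSID, an open copy of a protected network, and a cloned MAC address. The following check is an added example, not part of the original article; the scan records, the `KNOWN_APS` inventory and the function name are constructed for illustration, and each finding is an indicator to investigate, not proof.

```python
from collections import defaultdict

# Constructed scan results (not real captures): one record per beacon seen.
SCAN = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "channel": 1},
    {"ssid": "CoffeeShop-WiFi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2", "channel": 6},
    {"ssid": "CoffeeShop-WiFi", "bssid": "DE:AD:BE:EF:00:01", "security": "OPEN", "channel": 11},
    {"ssid": "CoffeeShop-WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "channel": 11},
    {"ssid": "Library-Guest", "bssid": "11:22:33:00:00:01", "security": "OPEN", "channel": 1},
]

# Hypothetical inventory of the venue's real access points (SSID -> BSSIDs).
KNOWN_APS = {"CoffeeShop-WiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}


def find_evil_twin_indicators(scan, known_aps):
    """Return a sorted list of (ssid, bssid, reason) findings."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = set()
    for ssid, aps in by_ssid.items():
        securities = {ap["security"] for ap in aps}
        channels = defaultdict(set)  # BSSID -> channels it was seen on
        for ap in aps:
            channels[ap["bssid"].lower()].add(ap["channel"])
        for ap in aps:
            bssid = ap["bssid"].lower()
            # Same Wi-Fi name, but a radio the venue does not own.
            if ssid in known_aps and bssid not in known_aps[ssid]:
                findings.add((ssid, bssid, "bssid-not-in-inventory"))
            # An "Unsecured" copy of a network that is otherwise protected.
            if ap["security"] == "OPEN" and len(securities) > 1:
                findings.add((ssid, bssid, "open-twin-of-protected-ssid"))
            # One MAC address on several channels suggests a cloned BSSID.
            if len(channels[bssid]) > 1:
                findings.add((ssid, bssid, "same-bssid-on-multiple-channels"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_evil_twin_indicators(SCAN, KNOWN_APS):
        print(finding)
```
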

How Evil Twin Attack works

To make the attack as credible as possible, hackers often use the following steps:

Step 1: Choose a location with free Wi-Fi
Cybercriminals choose a busy area with free Wi-Fi, such as an airport, library or coffee shop, to attack. These hotspots often have multiple access points with the same name, making it easier for the hacker's fake network to go unnoticed.

Step 2: Set up Wi-Fi access point
Next, the hacker creates a new hotspot using the same Service Set Identifier (SSID) name as the official network. They can use almost any device to do this, including phones, laptops, and tablets. Some hackers may use a Wi-Fi Pineapple to gain wider range.

Step 3: Create a fake captive portal
If you have ever logged into a public Wi-Fi network, you may have encountered a captive portal page. This usually requires you to enter a password or other basic information to access the network. Although many legitimate networks use these, cyber criminals can easily duplicate them to trick users into submitting their login details.

Step 4: Set up near potential victims
Setting up close to potential victims ensures that people choose the hacker's network over weaker ones and forces other devices to connect automatically.

Step 5: Monitor and steal user data
This is especially dangerous if the user is using the same credentials on multiple sensitive accounts.


Mr Admin

Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking. I’m currently learning more about Hacking, Web Design, Coding, Android ROM
