'Evil twin' threat to Wi-Fi users
CNN has an article on Wi-Fi network spoofing. Basically, an attacker sets up an access point within range of a legitimate network and configures it to have the same SSID as the legitimate network. Users expecting to log in to their regular network instead get the attacker's network, and the attacker can trivially capture their passwords, read their email, and see what web sites they visit.
To protect against this, users can enable WPA on their Wi-Fi networks. At a minimum, WPA Personal requires a password shared between the client and the access point. During the authentication process, a handshake occurs that requires each end of the connection to prove to the other that they know the password (without sending the password, of course). An attacker with an illegitimate access point presumably won't know the password, and any attempt to connect to that access point would fail.
Even better, WPA Enterprise uses a TLS handshake between the client and the authenticating server (such as Elektron). This means that the server uses a digital certificate to identify itself to the client. If the server can't produce a certificate trusted by the client (as would be the case with an attacker), the client won't connect.
By Chris on January 20, 2005 10:53 AM
