News Release

'Evil twin' hotspots are a new menace for internet users, warns Cranfield University

Peer-Reviewed Publication

Cranfield University

'Evil Twin' hotspots: the latest security threat to web users, according to wireless internet and cyber crime experts at Cranfield University, academic partner of the Defence Academy of the UK.

Dr Phil Nobles, wireless internet and cyber crime expert at the university, will be speaking at the wireless crime event at the Science Museum's Dana Centre – the UK's only venue for adults to discuss controversial science – on Thursday 20 January 2005 from 19.00-20.30. He will explain the latest security threats to internet users and will also discuss wireless computing vulnerabilities that exist at present.

"So-called 'Evil Twin' hotspots present a hidden danger for web users," explained Dr Nobles.

"In essence, users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorised base station. The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client –thereby turning itself into an 'Evil Twin'."

Once the user is connected to the 'Evil Twin', the cyber criminal can intercept data being transmitted, such as bank details or personal information.

"Cyber criminals don't have to be that clever to carry out such an attack," added Dr Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorised users tuning into the same frequency."

Unwitting web users are invited to log in to the attacker's server with bogus login prompts and can pass sensitive data such as user names and passwords which can then be used by unauthorised third parties. This type of cyber crime goes largely undetected because users are unaware that this is taking place until well after the incident has occurred.

Attacks can also take the form of degrading the performance of the client network or a complete denial of service. The attacker can get the victim's network to collude in the attack so that the degradation in network performance is less likely to be detected.

Professor Brian Collins, Head of Information Systems Department at Cranfield University, said: "Web users who use wi-fi networks should be on their guard against this type of cyber crime.

"Given the spread and popularity of wireless internet networks – which, according to data research company IDC, is predicted to increase from 7,800 to nearly 22,000 by 2008 – users need to be wary of using their wi-fi enabled laptops or other portable devices to conduct financial transactions or anything of a sensitive or personal nature, for fear of disclosing this information to an unauthorised third party."

Professor Collins continued: "Users can also protect themselves by ensuring that their wi-fi device has its security measures activated. In the vast majority of cases, base stations taken out of the box direct from the manufacturer are configured in the least secure mode possible."

Cranfield University acknowledges that this is a new area of cyber crime where more research is required.

Lisa Jamieson, Head of Programmes at the Dana Centre, added: "Half of all business wireless networks in this country have inadequate security controls in place, making their information vulnerable to attack. At the Dana Centre we have in place a hardened firewall which protects the public using our wireless network from electronic attack.

"Through this event, the audience will be more aware of the potential risks and can find out how to ensure that they don't become another cyber victim statistic." Ends

###

Media enquiries
Lauren Gildersleve, Press Officer, Science Museum, Tel: 0207 942 4328 / Mobile: 07989 979864 E: lauren.gildersleve@nmsi.ac.uk
Ardi Kolah, Director of Communication (Defence), Royal Military College of Science, Cranfield University, Defence Academy of the UK, Tel: 01793 785435 / Mobile: 077100 77941 / Home: 020 8 542 8110 E: a.kolah@cranfield.ac.uk

Notes to editors
Wireless crime event at the Science Museum's Dana Centre, 165 Queen's Gate, London SW7 5HE. The nearest underground station is Gloucester Road.

This event is FREE but must be pre-booked on T: 020 7942 4040 or E: tickets@danacentre.org.uk W: www.danacentre.org.uk Journalists are invited to attend and should register by contacting Lauren Gildersleve or Ardi Kolah.

As part of the evening event, an interactive demonstration by Dr Phil Nobles, will highlight the vulnerabilities of wireless computing, how cyber criminals can hack into personal computers and wi-fi devices and the measures users should take to protect themselves. The presentation by Dr Nobles is partly based on his paper 'Vulnerability of IEEE802.11 WLANs to MAC layer DoS attacks' presented at the 2nd IEE Secure Mobile Communications Forum, Savoy Place, London on 23 September 2004.


Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.