By: Sarah Todoroff, Content and Social Media Manager
In fictional stories the evil twin is the antagonist of the story. A physical copy of the protagonist but with a radically inverted morality. In security, an evil twin is a term for a rogue Wi-Fi access point (antagonist) that appears to be a legitimate one (protagonist) offered on the premises. It masquerades as a legitimate one to allow an attacker to gather personal or corporate information from mobile device users.
An evil twin wi-fi hotspot can easily be created with a smartphone or other Internet-capable device and some readily-available software. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.
To the end-user, the evil twin looks like a hot spot with a very strong signal; that's because the attacker has not only used the same name and settings as the "good twin" he is impersonating, he has also physically positioned himself near the end-user so that his signal is likely to be the strongest within range. If the end-user is tempted by the strong signal and connects manually to the evil twin to access the Internet, or if the end-user's computer automatically chooses that connection because it is running in promiscuous mode, the evil twin becomes the end-user's Internet access point, giving the attacker the ability to intercept sensitive data such as passwords or credit card information.
Evil twins are not a new phenomenon in wireless transmission. To avoid evil twin attacks, end users should only use public hot spots for Web browsing and refrain from online shopping or banking in public places. To protect corporate data, employees who use wireless devices should always connect to the Internet through a VPN.