Monday, March 28, 2005

More on WiFi's "Evil Twin"...

Expounding on what I had said earlier, if you set up a fake access point (AP) having the same SSID as that of the legitimate AP and transmit on the same channel as the original AP, you could potentially take over the user sessions. There is NO way to identify the legitimacy of an AP except for its SSID. This is true for APs that don't use WEP (or some variant).

How difficult is it to find out the SSID of an AP? Well, most SSIDs are by default set up in broadcast mode. Anyone with a WiFi laptop can easily pick up the SSID of an AP. For the more adventurous, there are programs like AirSnort that can sniff out the SSID of an AP, even if it is not set to broadcast mode.

Take the case of an airport. An airport cannot use WEP. Otherwise, it would have to go around telling everyone who wants to connect to its wireless network what its WEP key is. This defeats the purpose of having a WEP key in the first place. It's the equivalent of telling everyone your password. Airports normally set up a default page that lets you either sign in to your account or create one (with a credit card, of course). Now imagine if someone sets up a fake sign-in/sign-up page and asks users for either their login/password or their credit cards.
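Since a client can only go by the SSID, the defender's side of the problem is spotting a second radio that advertises an SSID the operator owns. The following is an added example, not code from the original post: it assumes an upstream sniffer has already reduced 802.11 beacon frames to (ssid, bssid, channel, rssi) tuples and that the operator keeps an allowlist of its own BSSIDs; all names and sample values are constructed.

```python
"""Evil-twin detector over constructed beacon observations (added example).

Assumption (not from the original post): a wireless IDS sensor has already
reduced beacon frames to (ssid, bssid, channel, rssi_dBm) tuples.
"""
from collections import defaultdict

# Operator allowlist of legitimate BSSIDs per SSID (constructed values).
KNOWN_APS = {
    "AirportFreeWiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
}

# Constructed beacon observations: ssid, bssid, channel, rssi (dBm).
BEACONS = [
    ("AirportFreeWiFi", "00:11:22:33:44:01", 6, -55),
    ("AirportFreeWiFi", "00:11:22:33:44:02", 11, -62),
    # Unknown BSSID on the same SSID and channel, and louder than both
    # legitimate APs: the evil-twin pattern the post describes.
    ("AirportFreeWiFi", "de:ad:be:ef:00:01", 6, -30),
    ("CoffeeShop", "aa:bb:cc:dd:ee:01", 1, -70),  # not ours; ignored
]


def find_evil_twins(beacons, known_aps):
    """Return one alert per BSSID that advertises an SSID we operate but is
    not on the allowlist. Each alert notes whether the rogue shares a channel
    with a legitimate AP and whether it is louder than every legitimate AP."""
    by_ssid = defaultdict(list)
    for ssid, bssid, chan, rssi in beacons:
        by_ssid[ssid].append((bssid, chan, rssi))

    alerts = []
    for ssid, entries in by_ssid.items():
        if ssid not in known_aps:
            continue  # an SSID we do not operate; nothing to compare against
        legit = [e for e in entries if e[0] in known_aps[ssid]]
        legit_channels = {chan for _, chan, _ in legit}
        best_legit_rssi = max((rssi for _, _, rssi in legit), default=None)
        for bssid, chan, rssi in entries:
            if bssid in known_aps[ssid]:
                continue
            alerts.append({
                "ssid": ssid, "bssid": bssid, "channel": chan,
                "same_channel_as_legit": chan in legit_channels,
                "louder_than_legit": (best_legit_rssi is not None
                                      and rssi > best_legit_rssi),
            })
    return alerts
```

A BSSID allowlist is one signal, not proof: a rogue AP can clone a legitimate BSSID as easily as an SSID, so in practice this check is combined with location, timing, and beacon fingerprinting.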

Can you think about a remedy to this problem? Well, let me know through the comments of this entry.

Copyright Anand Jain 2004, 2005. All rights reserved.