Attack "Evil Double"

    What is the “Evil Double” attack? It is a type of phishing used in wireless networks. The attacker creates a copy of an access point (AP) that is within the user's reception range and substitutes his own for it, so that the user connects to the copy.
    How does the attack work?

    First, the attacker conducts reconnaissance, during which he collects information about all wireless networks within range of his device. He learns the MAC addresses, encryption types, BSSIDs and ESSIDs.
    When the double is set up and its transmit/receive power in the client's reception area exceeds that of the copied access point, the client is likely to connect to the clone rather than to the original access point.
    After the client connects to the AP, the attacker can not only save all network traffic for analysis, but also replace the DNS to steal credentials by luring the person to a phishing page that looks no different from the real page.
    After the attack, the attacker simply disconnects the adapter and it becomes impossible to find.

    How to protect yourself?

    There is no panacea for such attacks, but there are recommendations that will help to identify at least most of the attacks.

    Look at the page and check for oddities: poor animation, missing elements, broken encoding or fonts.
    Encrypt your traffic. Use a VPN, DNSCrypt, etc.
    Watch for browser messages about encryption violations or invalid certificates. Inexperienced attackers forget to create their own certificate to get around SSL error notifications, etc. This plays into our hands.

    As we can see, it is possible to defend against attacks, but this does not give complete security.

    Thanks to all.
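
A defender-side check for the cloning step described in the post, as an added example that is not part of the original post: it compares scan results against an inventory of the access points you actually deployed and flags beacons that reuse your ESSID with an unknown BSSID, an unexpected channel or encryption, or a much stronger signal. The inventory, the scan rows, the function name and the 15 dB margin are constructed assumptions.

```python
# Constructed inventory of the APs you deployed: ESSID -> {BSSID: (channel, encryption)}.
# Assumes fixed channels; with automatic channel selection, drop the channel check.
KNOWN_APS = {
    "CorpWiFi": {
        "a4:2b:b0:11:22:33": (1, "WPA2"),
        "a4:2b:b0:11:22:34": (11, "WPA2"),
    },
}

# Constructed scan rows: (ESSID, BSSID, channel, encryption, signal in dBm).
SCAN = [
    ("CorpWiFi", "a4:2b:b0:11:22:33", 1, "WPA2", -62),
    ("CorpWiFi", "a4:2b:b0:11:22:34", 11, "WPA2", -71),
    ("CorpWiFi", "02:1A:11:FE:DC:BA", 6, "OPEN", -38),   # unknown BSSID, open, loud
    ("CorpWiFi", "a4:2b:b0:11:22:33", 6, "WPA2", -40),   # known BSSID, wrong channel
    ("CoffeeShop", "00:25:9c:aa:bb:cc", 3, "WPA2", -80), # not in the inventory
]

def find_suspect_aps(scan, known, margin_db=15):
    """Return (essid, bssid, channel, reasons) for beacons that imitate a known AP."""
    findings = []
    for essid, bssid, channel, enc, dbm in scan:
        inventory = known.get(essid)
        if inventory is None:
            continue  # not our network, nothing to compare against
        bssid = bssid.lower()
        expected = inventory.get(bssid)
        reasons = []
        if expected is None:
            reasons.append("unknown BSSID")
            # Signal levels of beacons that match the inventory exactly.
            legit = [d for e, b, c, n, d in scan
                     if e == essid and inventory.get(b.lower()) == (c, n)]
            if legit and dbm - max(legit) >= margin_db:
                reasons.append("stronger than every known AP")
            allowed_enc = {n for _, n in inventory.values()}
        else:
            if channel != expected[0]:
                reasons.append("known BSSID on unexpected channel")
            allowed_enc = {expected[1]}
        if enc not in allowed_enc:
            reasons.append("unexpected encryption " + enc)
        if reasons:
            findings.append((essid, bssid, channel, reasons))
    return findings

if __name__ == "__main__":
    for essid, bssid, channel, reasons in find_suspect_aps(SCAN, KNOWN_APS):
        print(f"{essid} {bssid} ch{channel}: {', '.join(reasons)}")
```

A clone that copies the BSSID, channel and encryption exactly and transmits at a similar level passes this check, which is why the certificate and traffic-encryption advice above still applies.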
