 Sunday, January 23, 2005 ( 3:24 PM ) Andy Phishing for an Evil Twin So you have a few minutes to kill at your favorite coffee shop, airport or hotel lobby. You pull out your laptop and decide to get a little work done or check on your personal finances. Isn't Wi-Fi great? You can log on and update your audit reports, loan applications pending or pay your own bills through internet banking. But watch out, phishing now has a brother, an evil twin. You have to watch out now for more than thieves trying to get your data by faking you out with an imitation web site. Researchers at Cranfield University are warning Wi-Fi users about hackers setting up their own Wi-Fi hot spots with signals stronger than the one rightfully there. Once you log on to the evil twin, they can easily intercept your data such as passwords and usernames. Base-station cloning was dubbed an evil twin nearly two and a half years ago when ISS published details about this potential criminal activity. Brian Collins, Cranfield University's head of information systems, said that people can protect themselves by ensuring that their Wi-Fi device has its security measures activated. Most of these protections though are on the side of the router. Collins said that in the vast majority of cases, base stations taken out of the box direct from the manufacturer are automatically configured in the least secure mode possible. The owners of these devices often don't even change the standard passwords that allow settings on the router to be changed. Perhaps "user beware" should be the username and sign on password for many of these hot spots. Certainly when you are on an untrusted site you must restrict the data you send. # |
|