SSID Spoofing
aka phony access points, evil twins, or honeypots

Why you should always be sure the access point is legitimate when connecting to a WLAN

  1. Intro
  2. Conceptual Content
  3. Demo

Agenda

1. What is SSID Spoofing?
2. How does it work? (Conceptual)
3. How can one avoid revealing information?
  • HTTPS?
    • HTTPS flaws
  • VPN
4. How does it work? (Demo)

What is SSID Spoofing?

• SSID = Service Set Identifier (unique identifier, and sometimes the name, of the Wi-Fi network)
• SSID Spoofing = Imitating wireless access point names and identifiers
• SSID Spoofing aka phony access points, evil twins, & honeypots
• Creates clones of legitimate Wi-Fi networks
• Impossible to differentiate
• Causes end users to connect (unknowingly) to a clone
• Allows "bad guys" to steal information

How does it work? (Conceptual)

1. End users click on the spoofed access point
2. End users browse the internet as normal
3. "Bad guys" perform man-in-the-middle attacks (stripping the SSL layer from any site)
  • Allows "bad guys" to see all the network traffic in plain text
  • Ultimately, information is stolen without the end user's knowledge

How can one avoid revealing information?

• Don't access websites that require inputting personal information
  • Unless you are sure the access point is legitimate or your connection is secure
• How can you ensure a secure connection?
  • Check that you are using the HTTPS protocol (most honeypots merely strip the SSL layer)
    • However, HTTPS certificates can be spoofed in rare cases
  • Ultimate security is the use of a Virtual Private Network (VPN)
    • Creates a secure "tunnel" that encrypts all outgoing network traffic (even though it travels over outside Wi-Fi)
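
One way to check whether an access point advertising a familiar SSID is the legitimate one, as an added example that is not part of the original slides: compare each scanned beacon against an inventory of the access points you actually operate. The inventory `KNOWN_APS`, the scan records, and the function name are constructed for illustration, and the three checks are heuristics, since a clone can copy the BSSID as well as the name.

```python
from collections import defaultdict

# Constructed inventory (hypothetical values): SSID -> {BSSID: expected security}
KNOWN_APS = {
    "CorpWiFi": {
        "aa:bb:cc:00:00:01": "WPA2-Enterprise",
        "aa:bb:cc:00:00:02": "WPA2-Enterprise",
    },
}

# Constructed scan results: (ssid, bssid, channel, security)
SAMPLE_SCAN = [
    ("CorpWiFi", "AA:BB:CC:00:00:01", 1, "WPA2-Enterprise"),   # legitimate
    ("CorpWiFi", "aa:bb:cc:00:00:02", 11, "WPA2-Enterprise"),  # legitimate
    ("CorpWiFi", "de:ad:be:ef:00:01", 6, "Open"),              # same name, unknown radio
    ("CorpWiFi", "aa:bb:cc:00:00:01", 6, "WPA2-Enterprise"),   # BSSID copied, other channel
    ("CorpWiFi", "aa:bb:cc:00:00:02", 11, "Open"),             # BSSID copied, no encryption
    ("CoffeeShop", "11:22:33:44:55:66", 6, "WPA2-Personal"),   # not in inventory, ignored
]


def find_suspect_aps(scan, known_aps):
    """Return (ssid, bssid, reason) for beacons that reuse a known SSID
    but do not match the inventory."""
    findings = []
    channels_seen = defaultdict(set)
    for ssid, bssid, channel, security in scan:
        expected = known_aps.get(ssid)
        if expected is None:
            continue  # SSID is not one of ours; nothing to compare against
        bssid = bssid.lower()  # scanners differ in MAC address case
        channels_seen[(ssid, bssid)].add(channel)
        if bssid not in expected:
            findings.append((ssid, bssid, "unknown BSSID"))
        elif security != expected[bssid]:
            findings.append((ssid, bssid, "security mismatch"))
    # One BSSID heard on several channels in a single scan suggests
    # that a second device is using a copied address.
    for (ssid, bssid), channels in channels_seen.items():
        if len(channels) > 1:
            findings.append((ssid, bssid, "same BSSID on several channels"))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS):
        print(finding)
```

An empty result does not prove an access point is legitimate; it only means none of these three mismatches was observed in that scan.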

Demo time

1. Configure a phony access point
2. Show how hard it is to differentiate between the legitimate access point and the phony one
3. Show consequences of not knowing if your wireless access point connection is secure
4. Show how a VPN protects you