Protecting Your Yacht Network From Evil Twins
In my blog post entitled 4 Ways to Deter Superyacht Internet Hackers, I asked you to imagine this headline: Hackers Access Bank Accounts, Passports and Personal Information from Superyacht Guests and Crew!
I described a frightening scenario where electronic devices used on a superyacht in port might, while searching for the port's Wi-Fi connection, be tricked into linking to a nefarious Wi-Fi connection. In the cyber world, this type of connection is called an “evil twin.”
Wikipedia says:
Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.
The attacker uses a bogus wireless access point, purporting to provide wireless Internet services, but snooping on the traffic. When the users log into unprotected (non-HTTPS) bank or e-mail accounts, the attacker has access to the entire transaction, since it is sent through their equipment.
According to Wikipedia, this is how hackers use evil twins to trick you into giving up your information:
Unwitting web users are invited to log into the attacker's server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred.
Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to its evil twin by it sending a stronger signal within proximity to the wireless client.
For people who know what they are doing, rogue access points are fairly easy to set up. All it takes is a laptop with a wireless card that can be used as an access point. And the hacker can make a wireless network look legitimate by giving the fake access point a name that is similar to the actual Wi-Fi network's name.
Once connected to on board electronic devices, the bad guys might gain access to your passwords, bank account numbers and other financial information. In 4 Ways to Deter Superyacht Internet Hackers, I gave (and thoroughly explained) the following tips for avoiding evil twin hacks:
1. Make sure you verify the network name EXACTLY.
2. Use encrypted sites.
3. Update your software whenever updates are available.
4. Use a VPN service.
A new way to fight back.
I just read about a new tool to defend networks from evil twins in an article by Lucian Constantin of IDG News Service. The article describes a product called EvilAP_Defender, which is “designed specifically to detect malicious access points that are configured by attackers to mimic legitimate ones in order to trick users to connect to them.”
According to Constantin, EvilAP_Defender "can use a computer’s wireless network card to discover rogue access points that duplicate a real access point’s SSID, BSSID, and even additional parameters like channel, cipher, privacy protocol, and authentication." EvilAP_Defender is open source software, meaning its source code is available for anyone to view, edit, and redistribute. It is also free of charge.
Constantin explains that when implemented, “the tool will first run in learning mode, so that the legitimate access point [AP] can be discovered and whitelisted. It can then be switched to normal mode to start scanning for unauthorized access points. If an evil AP is discovered, the tool can alert the network administrator by email, but the developer also plans to add SMS-based alerts in the future.”
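To make the learning-mode and normal-mode comparison concrete, here is a small Python sketch added for illustration; it is not EvilAP_Defender's code. The record fields, the function names, the 0.8 similarity threshold and the sample scan data are all assumptions constructed for the example, and the lookalike-name check goes beyond what the article attributes to the tool in order to cover the similar-name trick described earlier.

```python
from difflib import SequenceMatcher

FIELDS = ("ssid", "channel", "privacy", "cipher", "auth")  # compared per BSSID

def learn(trusted_scan):
    """Learning mode: whitelist every AP seen while the environment is trusted."""
    return {ap["bssid"].lower(): dict(ap) for ap in trusted_scan}

def _norm(ssid):
    return ssid.casefold().replace(" ", "").replace("_", "").replace("-", "")

def lookalike(ssid, known_ssids, threshold=0.8):
    """True if ssid is close to, but not exactly, a whitelisted name."""
    return any(ssid != k and SequenceMatcher(None, _norm(ssid), _norm(k)).ratio()
               >= threshold for k in known_ssids)

def detect(whitelist, scan):
    """Normal mode: return (bssid, ssid, reason) for each suspicious AP."""
    known_ssids = {ap["ssid"] for ap in whitelist.values()}
    alerts = []
    for ap in scan:
        bssid, ssid = ap["bssid"].lower(), ap["ssid"]
        good = whitelist.get(bssid)
        if good is None:
            if ssid in known_ssids:
                alerts.append((bssid, ssid, "whitelisted SSID from unknown BSSID"))
            elif lookalike(ssid, known_ssids):
                alerts.append((bssid, ssid, "lookalike SSID"))
            continue
        changed = [f for f in FIELDS if ap[f] != good[f]]
        if changed:
            alerts.append((bssid, ssid, "whitelisted BSSID, attributes changed: "
                           + ",".join(changed)))
    return alerts

def make_ap(bssid, ssid, channel=6, privacy="WPA2", cipher="CCMP", auth="PSK"):
    return dict(bssid=bssid, ssid=ssid, channel=channel, privacy=privacy, cipher=cipher, auth=auth)

# Constructed sample data: locally administered MACs and invented SSIDs.
TRUSTED = [make_ap("02:00:00:00:00:01", "Marina_Guest")]
SCAN = [
    make_ap("02:00:00:00:00:01", "Marina_Guest"),                     # legitimate
    make_ap("02:00:00:00:00:99", "Marina_Guest"),                     # same name, new radio
    make_ap("02:00:00:00:00:01", "Marina_Guest", 11, "OPN", "", ""),  # cloned BSSID, open
    make_ap("02:00:00:00:00:77", "Marina-Guest"),                     # near-identical name
    make_ap("02:00:00:00:00:55", "HarbourCafe"),                      # unrelated neighbour
]

if __name__ == "__main__":
    print(*detect(learn(TRUSTED), SCAN), sep="\n")
```

An access point that copies every whitelisted attribute, BSSID included, passes this comparison, so a check like this complements rather than replaces the four tips above.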
I haven't yet tried EvilAP_Defender, but I like the idea that developer Mohamed Idris is trying to protect humanity from nefarious computer hackers. And the fact that this is free and open source gives me additional faith in the powers of good over evil. Sure, there will always be bad guys. But there are many more good people in this world poised to do battle with them.
Contact: Great Circle Systems
-------------------------------------------------------------------------------------
Since co-founding Great Circle Systems with Scott Strand in 1999, Andy has split his time between executive management functions, guiding development of the company's products and services, such as the NAS3000 Optimizer, and providing high-level technical consulting services to GCS clients. On the technical side, Andy specializes in maritime Internet communications, vessel network design and integration, and superyacht remote support and administration. He has over 30 years of professional experience in software design and development and information technology management. Andy received a BS in Computer Science from the University of California.