Many users are under the misconception that leaving their smartphone WiFi switched ON only leads to a persistent battery drain. While this is not inaccurate, the truth is that there is another threat to be aware of. This is the threat of the ‘evil twin’.
Anyone who has used WiFi on a smartphone knows that once a network SSID (the name of the network itself) and other details have been entered, the device automatically connects to this network whenever it is in range. This makes one wonder what happens when there is no visible network in range when the WiFi is turned ON.
The smartphone sends and receives probing requests
Once the WiFi has been enabled on a device, it scans the airwaves for all available networks in the vicinity in two simultaneous ways. ‘Passive scanning’ occurs when the device listens for networks that broadcast themselves and ‘Active scanning’ occurs when the device actively probes for all networks that it has connected to in the past. This discovery process is carried out constantly until the device finds a network to connect to.
The dangers of probing requests
While this in itself is not a threatening scenario for users, the real issue here is that when the device probes for networks it actively broadcasts the various network SSIDs it prefers. An attacker can obtain this information easily and this reveals the unaware users’ preferred networks and other location sensitive data.
Advanced attackers can take this a step further and create a rogue connection, or an ‘evil twin’, which possesses the exact same SSID that the device is scanning for. Thus he can force the device to connect to his network and this enables him to intercept and transfer information with consummate ease. If you think this is extremely complex to achieve then you will be surprised to learn that all an attacker needs is a functional router and some freely available software to accomplish this.
The risks of the Evil Twin network
- The owner of this rogue connection can launch man-in-the-middle (MITM) attacks to intercept any data that is exchanged to and from the device.
- Free programs over the Internet give the attacker the ability to decode web access packets to reveal login IDs and passwords in clear text.
- The attacker can gain control over email accounts and social networks, scan the contacts list, view text messages and more.
- An attacker can also send a spoof SMS that claims to be from someone on the contacts list of the device.
- The attacker can trick the user into visiting a page that looks genuine, but is actually a page that phishes for personal and financial information.
How to avoid Evil Twin attacks
Unfortunately, smartphones do not have an option to disable active probing for wireless networks. The best solution to avoid such attacks is to simply turn the WiFi OFF when one leaves the security of home or office networks. This is a simple one-step process on most devices so there can be no excuses here. Alternatively, one can also make use of an application that turns the WiFi ON/OFF in specific geographical locations.
As a mandatory precaution, effective mobile phone security software is essential. Users who utilize the various tools that Quick Heal Mobile Security provides achieve high protection levels from ‘evil twin’ attacks and other persistent threats. Additionally, always remember to turn your WiFi OFF when there are no active networks in range, in order to avoid such attacks.