Although mobility brings productivity, it also has a dark side, one that creates an element of risk and can open corporate resources open to attack or contribute to the growing problem of data leakage.

Frank J. Ohlhorst, IT Consultant, Editor-at-Large

August 26, 2014

3 Min Read
Evil Twin Hotspots: Opportunity for Solution Providers

Mobility projects and bring your own device (BYOD) initiatives are growing at exponential rates in most enterprises, creating a host of security concerns that are all but impossible to defend against. Nowhere is this more true than with the mobile knowledge worker, who has come to rely on hotspots in airports, coffee shops, hotels and public areas to keep in contact with the corporate network and its associated applications.

Although mobility brings productivity, it also has a dark side, one that creates an element of risk and can open corporate resources open to attack—or, at the very least, contribute to the growing problem of data leakage. What’s more, those problems can occur all without the knowledge of the user, who simply becomes a pawn in the game of malicious activity.

The Rise of the Evil Twin

An Evil Twin hotspot is a Wi-Fi access point set up by cybercriminals and designed to impersonate a legitimate hotspot. Evil Twin hotspots are on the rise and are starting appear most anywhere a business—a coffee shop, retail establishment or restaurant—provides free Wi-Fi access to its patrons. Evil Twin hotspots mimic legitimate hotspots so effectively that many users are unaware that they even exist. However, Evil Twin hotspots have one sinister intention in mind, stealing information and intercepting data.

Cybercriminals build Evil Twin hotspots to allow them to both eavesdrop on network traffic and insert themselves into the data conversation between the victims and their destination servers. By tricking users into connecting to the illegitimate hotspot, a cybercriminal can steal account names, passwords and redirect victims to malware sites, phishing sites or other illegitimate sites. Cybercriminals also can view the contents of files that are downloaded or uploaded by users connected to the Evil Twin access point.

Users are unaware they are connected to Evil Twin hotspots because the perpetrators use the SSID (network name) of the legitimate access point. The whole experience is transparent to the victim. Most of the time users reach their intended Internet destinations, unaware that someone is eavesdropping on the network traffic and stealing information such as logins, credit card numbers and data files.

Mobile workers connecting to Evil Twin hotspots are one of the biggest nightmares for IT workers supporting their mobile workforce. Regrettably, there aren't a lot of ways to defend against this type of attack. Some believe wireless encryption prevents such an attack; however, technologies such as Wi-Fi Protected Access (WPA) don't encrypt user data until after the association between the victim's network device and the access point has been established.

Although the situation has created something of a conundrum, in which IT managers must allow the use of public hotspots yet work to keep information secure, solution providers may very well have an answer to the problem.

It all comes down to authenticating the user and adding an extra level of encryption. Simply put, two-factor authentication coupled with a VPN can stop Evil Twins in their tracks. What’s more, enforcing HTTPS connections further can prevent interception of data.

That creates three distinct opportunities for solution providers: two-factor authentication systems, VPNs and SSL-based products. Luckily, all three can be bundled in the form of a cloud service, and dozens of vendors out there are ready to work with partners to bring those solutions to fruition.

As business mobility needs grow, so will the need for effective security. Now is the time for the channel to get involved and educate businesses on the security threats of mobility while providing what may be turnkey solutions to what may be one of the biggest security opportunities facing the market.

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Frank J. Ohlhorst

IT Consultant, Editor-at-Large

Frank J. Ohlhorst is an award-winning technology journalist and technology analyst, with extensive experience as an IT business consultant, editor, author, presenter and blogger. He frequently advises and mentors technology startups and established technology ventures, helping them to create channel programs, launch products, validate product quality, design support systems, build marketing materials, as well as create case studies and white papers.

Mr. Ohlhorst also has extensive experience assisting businesses looking to launch analytics projects, such as big data, business intelligence and resource management. He also has taken on contract roles as a temporary CIO, CTO and data scientist for startups and new ventures. Mr. Ohlhorst also provides forensic services for data security and assist with compliance audits, as well as researching the implications of compliance on a given business model.

Mr. Ohlhorst also has held the roles of CRN Test Center director, eWeek’s executive editor, technology editor for Channel Insider, and is also a frequent contributor to leading B2B publications.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like