A false access point, or fake WAP, is a passive information-gathering technique used by malicious hackers and cybersecurity professionals. The basic idea is a wireless access point that is designed to lure users and collect data or gain unauthorized access. These attacks are used to gather personally identifiable information, and sometimes they are used to gain credentials for other wireless access points. This section will explore the mechanics of false wireless access points, the “evil twin” variation used for obtaining wireless credentials, and how users and organizations can prevent these attacks from happening.
Fake access points are often set up in public spaces that typically offer free Wi-Fi access points. This could be airports, coffee shops, restaurants, or any similar space. Hackers can also send deauthentication (deauth) signals to adjacent access points, forcing user devices to disconnect from secured access points and connect to the false access point. Once a device is connected, the attacker can begin monitoring traffic via a man-in-the-middle attack, or can prompt the user for sensitive credentials as a condition of gaining entry to the access point. In some cases, attackers have managed to take control of devices connected to false access points.
A more sophisticated version of the false wireless access point attack is the “evil twin” access point attack. The basic idea of the attack is the same, but some details have been altered to make it more likely to succeed. For one, the name of the false wireless access point is made to be identical to that of a trusted access point. This is a sort of phishing attack that utilizes wireless access points instead of wireless communications. The attacker may shut down the original access point and quickly deploy a seemingly identical access point for users to connect to. Once connected, the users may be prompted for wireless login credentials or other sensitive information. Attackers can use this attack to quickly and quietly gain unauthorized access to wireless networks. The access point may continue to serve traffic through the original access point once credentials have been entered, or the access point may simply display an error message once the information has been gathered. Either way, associating the SSID of a false wireless access point with a legitimate one will make users more likely to connect.
Data Loss Prevention
Prevention of data loss to false wireless access points is a matter of vigilance among network administrators. As this attack does not rely on infiltration or the distribution of malware, it must be specifically monitored. Strange hours of activity for trusted access points, the emergence of unknown and unverified public access points, and major differences in access point login screens are all indicators of a false wireless access point attack. On the user end of things, double-checking public access points before connecting, only connecting to trusted wireless access points, and awareness of wireless connections on your device are all ways to prevent losing your data to false wireless access points. This is an attack that is easily avoided, yet often overlooked.
TL;DR
False wireless access points are used to target computers and mobile devices that utilize public access points. Users will connect, wittingly or unwittingly, to an untrusted wireless access point owned by the attacker. The attacker will then gather data, request credentials, or even take control of the device. This section explains the basic mechanics of a false wireless access point attack, the advanced “evil twin” variation of the attack, and preventative measures for fake WAP attacks.
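The administrator-side indicators listed under Data Loss Prevention can be checked mechanically against a wireless survey. The following is an added example, not part of the original page: it compares observed access points with an inventory of sanctioned ones and flags a trusted SSID broadcast from an unknown radio, a security-mode mismatch, activity outside normal hours, and unknown SSIDs. The inventory layout, the field names and every SSID, BSSID and timestamp are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumed inventory of sanctioned access points (constructed values).
INVENTORY = {
    "CafeGuest": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "security": "WPA2-PSK",
        "open_hours": range(7, 21),  # radios are powered 07:00-20:59
    },
}

@dataclass(frozen=True)
class Observation:
    seen: datetime
    ssid: str
    bssid: str
    security: str

def findings(obs, inventory=INVENTORY):
    """Return the indicators raised by one observed access point."""
    entry = inventory.get(obs.ssid)
    if entry is None:
        return ["unknown-ssid"]  # unverified access point has appeared
    raised = []
    if obs.bssid.lower() not in entry["bssids"]:
        raised.append("trusted-ssid-from-unknown-bssid")  # evil twin candidate
    if obs.security != entry["security"]:
        raised.append("security-mismatch")
    if obs.seen.hour not in entry["open_hours"]:
        raised.append("active-outside-normal-hours")
    return raised

def audit(observations, inventory=INVENTORY):
    """Map (ssid, bssid) -> indicators for each observation that raised any."""
    report = {}
    for obs in observations:
        raised = findings(obs, inventory)
        if raised:
            report[(obs.ssid, obs.bssid)] = raised
    return report

# Constructed sample survey; no real networks are represented.
SAMPLE = [
    Observation(datetime(2024, 5, 6, 10, 15), "CafeGuest", "02:00:00:aa:00:01", "WPA2-PSK"),
    Observation(datetime(2024, 5, 6, 10, 16), "CafeGuest", "02:00:00:bb:00:09", "Open"),
    Observation(datetime(2024, 5, 6, 23, 40), "CafeGuest", "02:00:00:aa:00:02", "WPA2-PSK"),
    Observation(datetime(2024, 5, 6, 10, 17), "Free_Airport_WiFi", "02:00:00:cc:00:05", "Open"),
]
```

A clean result only means these indicators were absent: a BSSID that matches the inventory is not proof of legitimacy, because hardware addresses can be copied.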