Case of study: Identity theft in a university WLAN Evil twin and cloned authentication web interface

Author

Briones, Jose Maria ; Coronel, Mario Alejandro ; Chavez-Burbano, P.

Author_Institution

Fac. de Ing. en Electr. y Comput., Escuela Super. Politec. del Litoral (ESPOL), Guayaquil, Ecuador

fYear

2013

fDate

22-24 June 2013

Firstpage

1

Lastpage

4

Abstract

This paper is about the insecurity of the Wireless LAN of a university that is supposed to be available only for students and teachers through a username and a password. This attack shows how to deceive a user making him think he is connecting to a real access point and entering his information in the real web interface that the university provides for user authentication. We create a fake access point using the same name of the university´s WLAN to capture login credentials using a fake authentication web interface and then use this information for identity theft. After the demonstration we present possible solutions and recommendations to be aware and avoid this kind of attacks that are a high risk for the security of students and teachers.

Keywords

computer network security; educational administrative data processing; message authentication; user interfaces; wireless LAN; cloned authentication Web interface; evil twin attack; fake access point; fake authentication Web interface; identity theft; local area network; login credentials; university WLAN; user authentication; wireless LAN; Authentication; Educational institutions; Servers; Wireless LAN; Wireless networks; evil tween; identity theft; wireless;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (WCCIT), 2013 World Congress on

Conference_Location

Sousse

Print_ISBN

978-1-4799-0460-0

Type

conf

DOI

10.1109/WCCIT.2013.6618697

Filename

6618697