Name |
Evil Twin Wi-Fi Attack |
|
Likelyhood of attack |
Typical severity |
Low |
Low |
|
Summary |
Adversaries install Wi-Fi equipment that acts as a legitimate Wi-Fi network access point. When a device connects to this access point, Wi-Fi data traffic is intercepted, captured, and analyzed. This also allows the adversary to act as a "man-in-the-middle" for all communications. |
Prerequisites |
None |
Solutions | Commercial defensive technology that monitors for rogue Wi-Fi access points, man-in-the-middle attacks, and anomalous activity with the mobile device baseband radios. |
Related Weaknesses |
CWE ID
|
Description
|
CWE-300 |
Channel Accessible by Non-Endpoint |
|
Related CAPECS |
CAPEC ID
|
Description
|
CAPEC-616 |
An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource. |
|