Copyright Goodheart-Willcox Co., Inc. 463 Chapter 14 Wireless Network Security attacks by placing the rogue router near the target and providing a stronger signal so the victim connects to the evil twin by mistake. At this point, all traffic routes through the evil twin. A hacker can intercept and discover all data sent to and from the target. This process is illustrated in Figure 14-10. Hackers can deploy networks with SSIDs that sound legitimate. One way to do this is to create an SSID that is the same as a legitimate one except for case, such as ACME_Network instead of ACME_NETWORK. Bluejacking and Bluesnarfing Bluejacking is a Bluetooth-based concern in which somebody sends an unsolicited message, such as an advertisement, via Bluetooth. You may have had a retailer do this to you as you walked past a store in a mall. Bluejacking is usually just annoying, not a serious threat. A more troubling attack is called Bluesnarfing.BluesnarfingisaBluetooth-based attack in which a hacker exploits a Bluetooth connection to steal data from a Bluetooth-enabled device. Hackers may be able to inject viruses and other malware into the device. There are steps that can be taken to protect the data and device: ■ ■■ The easiest protection is turning off Bluetooth when it is not in use. ■ The risk of data being intercepted or for hijacking is high in public, crowded areas, so the user must be extra vigilant. ■ ■ Use the security measures offered on the device, from authentication to encryption. Disassociation A disassociation attack is a form of a denial of service attack in which the hacker disconnects a user from their wireless network. This is done by sending a disassoci- ation signal to the victim. A disassociation signal is one that deactivates a user from an access point. When the victim’s computer is disconnected, it will typically attempt to reconnect to the current network automatically or search for a wireless network. If the hacker had also established an evil twin, the user’s computer could unknow- ingly connect to the illegitimate AP, especially if the evil twin signal is stronger than the legitimate AP’s. Within minutes, all traffic between the two devices can be inter- cepted and parsed using a program such as Ettercap or Wireshark. 1.4 1.4 School Library (Evil Twin) School Library (Legitimate Router) Strong Signal Weak Signal Goodheart-Willcox Publisher (tablet) romvo/Shutterstock.com (routers) RealVector/Shutterstock.com Figure 14-10 An evil twin router carries the same SSID as the desired AP and provides a stronger signal, which means it will likely be the one to which a user connects.