Not the name of a new horror film, but an addition to the tech vernacular and a horror of its own kind, the term “evil twin” popped onto the scene earlier this month.
Dr. Phil Nobles of Cranfield University in the United Kingdom recently gave a presentation about wireless Internet vulnerabilities, particularly in Wi-Fi networks, at a wireless crime event held by the school.
“So-called `evil twin’ hot spots present a hidden danger for Web users. In essence, users think they’ve logged onto a wireless hot-spot connection when, in fact, they’ve been tricked to connect to the attacker’s unauthorized base station. The latter jams the signal to a legitimate base station by sending a stronger signal within close proximity to the wireless client-thereby turning itself into an `evil twin,’ ” explained Nobles.
Once the user is linked, whatever data is being transmitted is at risk of interception. The victim is not even aware the encroachment has occurred.
The still-fragile area of wireless in the enterprise suffers from such reports. It is well known that the implementation of enterprise wireless solutions are often quashed by fear.
In December we reported on a study by the Yankee Group, stating the “minimal addressable market” for wireless e-mail in the United States is 35 million workers, about 10 times the number of mobile professionals who currently use these services.
Professor Brian Collins, also of Cranfield, said, “Users can protect themselves by ensuring that their Wi-Fi device has its security measures activated.” He adds that out of the box, many products are configured in the least-secure mode possible.
If industry has a vested interest in exploiting the largely untapped enterprise market, then why? Yes, there are dozens of security companies and solutions out there, but time and again, when it comes to serving customers it is about education, ease of use and saving them those extra steps from the get go.
The IT manager wants to know that the return on the company’s wireless investment is going to be worth the hassle of keeping it secure as hackers and thieves continually step up efforts to steal what is not theirs-and that same IT manager must be provided the tools to do so.
You would not buy a luxury car without the dealer including and enabling the security system. Likewise, security cannot be an added-value feature in the wireless enterprise.
