Defcon15: new variant of Evil Twin to be revealed

AirTightDefcon is almost here, and now I have a highlight planned for Saturday: AirTight Networks will be revealing a new varient of Evil Twin. Evil Twin has been known about longer that I was aware; basically it’s someone running a laptop in a wifi hotspot (like a coffee shop) that impersonates the hotspot’s access point (AP) so that unknown customers connect there instead of the real hotspot. After that it’s up to the attackers imagination, but the best ploy would be to pass packets along to the real hotspot, while logging everything that the customer sends/receives via wifi. AirTight will, “…reveal the discovery of a more potent variant of Evil Twin (which Airtight has labeled MultiPot) against which the prevalent defenses, in particular deauth based session containment, are totally ineffective. A demonstration of MultiPot threat will be provided at the end of the presentation”. Wow, this is going to be cool, hopefully they’ll include some code for the ‘sploit so I can do a proof of CONcept on it. Wifi security is going to become a bigger and bigger problem to focus on as more and more people get wireless (and leave their router unsecured at home…hello?)