Difference between revisions of "Evil Twin Attack via Kali on Raspberry Pi"

An Evil Twin is a rogue access point designed to imitate a legitimate access point in order to carry out malicious actions such as phising.Regular laptops and Wi-Fi adapters can be used to set up an Evil Twin, or Raspberry Pis, as these are quite small and can be easily packed into a bagpack when powered by a battery bank. This setup can then be left in one place for several days, for example, during which time the AP can phish information.

Kali Linux on Raspberry Pi

For example, Kali Linux can be installed on a Raspberry Pi 4 Model B with 8 GB RAM. The Raspberry Pi 4 Model B is equipped with a Broadcom BCM2711, Quad core Cortex-A72 (ARM v8) 64-bit SoC @ 1.8GHz. This information is relevant because Kali Linux provides an image specifically for ARM processors on their website. This image can be downloaded at Kali Linux on ARM The Raspberry Pi 4 is equipped with a 64-bit processor and supports the execution of 64-bit images. This results in two options: Either the Kali Linux RaspberryPi 2, 3, 4 32-bit or 64-bit image can be selected, whereby more documentation is available for the 32-bit variant. In addition, the 32-bit image ran with fewer problems than the 64-bit image during practical tests. To get the image onto the Raspberry Pi, it must be transferred to a micro SD card. Balena Etcher or similar software can be used for this purpose. Once the image has been successfully transferred to the SD card, it can be inserted into the corresponding slot on the Raspberry Pi 4. This can then be started and Kali Linux will boot from the SD card. The username and password are kali/kali.

A more detailed guide to installing Kali Linux on a Raspberry Pi can be found in the following article: Install Kali Linux on Raspberry Pi 3 & 4

Field report

Evil Twin

Evil Twin using native Kali Linux Tools

At least the following kit is required to set up an Evil Twin: - Raspberry Pi 4 Model B - 8GB incl. accessories such as power cable and MicroSD - 2 x Alfa AWUS036ACH Wide Range AC1200 Wireless Adapter

Potential measures to protect against Evil Twins

Organisational measures are closely linked to personal measures. As an organisational measure, it can be established, for example, that different passwords must be used for different services and applications. This can prevent the same password being used for VPN access as for Wi-Fi access. In the corporate context, the operation of a structured and continuously improving information security management system can also be categorised as an organisational measure.

In the client-side area, care can be taken to ensure that the devices are configured so that only that only TLS-encrypted connections (e.g. HTTPS) are permitted. are allowed. This at least prevents the rogue access point from accessing data in plain text or manipulate it unnoticed.

The use of a VPN can also be recommended as a technical measure against MitM attacks. This is usually accompanied by increased information security through encryption of the traffic, which prevents transmitted data from being read or manipulated. In the context of a Wi-Fi MitM attack, a VPN hides the client's communication, encrypts the network traffic and hides metadata such as IP addresses or domain names.

Personal measures focus on the end user. Awareness-raising measures in particular can be derived in this context. It is important to sensitise users to the existing risks, make them aware and motivate them to support and implement the technical and organisational security measures. An easy-to-understand personal measure can be, for example, to pay attention to Wi-Fi names and other irregularities and to report these to the relevant reporting centres in the event of anomalies. This allows a quick response in the event of an emergency.

References