On 28 June 2024, the Australian Federal Police (AFP) charged a West Australian man who allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them.
On an unrelated note, justaPancakeGuy published a project that uses the ESP32's onboard Wi-Fi to broadcast a fake network, which rickrolls unsuspecting users upon joining. That project highlights how easy it is to exploit Wi-Fi users.
By the way, rickrolling is an internet meme in which someone is tricked into listening to Rick Astley singing his 1987 song, "Never Gonna Give You Up". We will rickroll our users in this project as well.
It was either that or...
"Then, how is this project different?" you might ask. This project will work not only on ESP32, but also on ESP8266. Furthermore, it will capture the MAC address of each device that connects to it. Additionally, it will allow mimicking a local Wi-Fi network so we don't have to use the hardcoded "Free Wifi" SSID.
ESP32
Since we're using M5Stack Core2, we can just power it on to create a Wi-Fi network named "Free Wifi". Holding the middle button while resetting will enter the SSID name selection mode. A new local SSID will be displayed every couple of seconds. Releasing the middle button will set the SSID of the evil twin to the last SSID displayed. If we run out of SSIDs, the Wi-Fi evil twin will default to "Free Wifi".
ESP8266
I have been accused of being a "One-Trick Pony"... by a "Zero-Trick Pony". SMH. Instead of continuing the original project on ESP32 only, we will also modify the code to work on ESP8266.
The WeMos D1 Mini has enough pins for an I2C connection to an OLED display, an SPI connection to a Micro SD card module, a passive buzzer, and a tactile switch. All components have been soldered onto a perfboard, along with a vape battery and charger, a diode, and a slide switch.
Conclusion
The goal of this project is to raise awareness of Wi-Fi evil twins and other Wi-Fi-based cyber-attacks. We're all familiar with phishing email sting operations, but we have never seen a similar campaign for mobile devices, despite them being more vulnerable almost by definition. We logged the device's MAC address to pass on to the security team so they can figure out who the user is and how to prevent this from happening in the future.
According to Kaspersky, you can protect your device from evil twins by doing the following:
- Avoid unsecured Wi-Fi hotspots
- Use your own hotspot
- Check warning notifications
- Disable auto-connect (never save a Wi-Fi and delete previously used ones)
- Avoid logging into private accounts on public Wi-Fi
- Use multi-factor authentication
- Stick to HTTPS websites
- Use a VPN
To add another layer of protection, keep Wi-Fi and Bluetooth disabled until you need to use them, then disable them again immediately when done.
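A defender-side check for the SSID-mimicking behaviour described above, as an added example that is not part of the original project: it flags beacons in a Wi-Fi scan that reuse a known SSID from an unlisted BSSID or with different security. The allowlist, the scan record format, and every SSID and BSSID value are constructed assumptions.

```python
from collections import defaultdict

# Constructed allowlist (assumption): SSIDs we run, their AP BSSIDs, expected security.
KNOWN_APS = {
    "CorpWiFi": {"bssids": {"02:00:00:00:00:01", "02:00:00:00:00:02"},
                 "security": "WPA2"},
}

# Constructed scan results, shaped like the output of a periodic site survey.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:02", "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "02:00:00:00:00:AA", "security": "OPEN"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:00:01:01", "security": "OPEN"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:00:01:02", "security": "OPEN"},
    {"ssid": "HomeNet", "bssid": "02:00:00:00:02:01", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "02:00:00:00:02:BB", "security": "OPEN"},
]

def find_suspect_twins(scan, known_aps):
    """Return (ssid, bssid, reasons) for each beacon that looks like an evil twin."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        known = known_aps.get(ssid)
        seen_security = {ap["security"] for ap in aps}
        for ap in aps:
            bssid = ap["bssid"].lower()
            reasons = []
            if known:
                # Managed SSID: every beacon must match the allowlist exactly.
                if bssid not in known["bssids"]:
                    reasons.append("unknown BSSID")
                if ap["security"] != known["security"]:
                    reasons.append("security mismatch")
            elif ap["security"] == "OPEN" and len(seen_security) > 1:
                # Unmanaged SSID: an open copy next to an encrypted one is suspicious;
                # several open BSSIDs alone are normal for multi-AP guest networks.
                reasons.append("open copy of encrypted SSID")
            if reasons:
                findings.append((ssid, bssid, reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_twins(SCAN, KNOWN_APS):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A twin that also copies a legitimate BSSID and security type would pass this check, so treat it as one signal alongside the user-side precautions listed above.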
Demo
In the first part of the demo, we powered on the M5Stack Core2 to create the default Wi-Fi evil twin. In the second part, we held the push button down until we found the target SSID, then released it to create a custom Wi-Fi evil twin.