Multipot: A More Potent Variant of Evil Twin

Presented at DEF CON 15 (2007), Aug. 4, 2007, 1 p.m. (50 minutes)

This presentation pertains to a discovery of a more potent variant of Evil Twin. We call it Multipot. Multipot consists of multiple APs which are configured with the same SSID and lure WiFi clients into connecting to them. The term Multipot is derived from 'multiple' and 'honeypot'. Multipot can occur naturally in the form of multiple Municipal APs or Metro APs around the victim client, all of which are naturally configured for the same SSID (e.g., GoogleWiFi). Such a natural Multipot can induce non-policy compliant communication from wireless clients of an organization. There can also be a handcrafted or malicious version of Multipot where an attacker can combine it with known Evil Twin attack tools (e.g., KARMA, delegated) and launch a Man-in-the-Middle attack against wireless clients. The prevalent Evil Twin defenses are ineffective against Multipot. In particular, the prevalent defenses include: i) Taking precaution so that clients are not lured to Evil Twins (e.g., specialized client side software), and ii) since these precautions are not always foolproof or practical, using a Wireless Intrusion Prevention System (WIPS) to block clients' connections to Evil Twins. Most of the current WIPS use deauthentication (deauth) based session containment to defend against this threat. In this presentation, we demonstrate that Multipot renders the deauth based session containment completely ineffective. Multipot provides a glimpse into the complexities of evolving wireless vulnerabilities and their countermeasures.

Presenters:

• K N Gopinath - Senior wireless security researcher/manager, R&D Group, AirTight
  K N Gopinath (Gopi) is a senior wireless security researcher and senior engineering manager at AirTight Networks. Gopi has several years of experience with 802.11 protocol implementations, device drivers, WiFi networks, and wireless intrusion detection and prevention. His research focuses on making wireless networks secure. His current interest includes understanding wireless MAC implementation anomalies and wireless devices fingerprinting. Gopi also has invented several patent pending wireless intrusion detection and prevention techniques. Gopi holds a Master's degree in Computer Science and Engineering from the Indian Institute of Technology Kanpur (IITK), and in the past has worked as a researcher at Bell Laboratories at Murray Hill, NJ. He has published several technical papers and delivered invited talks in international networking and security conferences/workshops.

Links:

• https://defcon.org/html/defcon-15/dc-15-speakers.html#Gopinath
• https://infocon.org/cons/DEF CON/DEF CON 15/DEF CON 15 video/DEF CON 15 - KN Gopinath - Multipot - Video.mp4
• https://www.youtube.com/watch?v=B8QYkLdNXkA

Similar Presentations:

• GrrCON 2015 / Is it EVIL?
• BruCON 0x08 (2016) / Decepticon The Rise and Evolution of an Intelligent Evil Twin…!!!