METDS - A Self-contained, Context-Based Detection System for Evil Twin Access Points

Mobile Evil Twin attacks stem from the missing authentication of open WiFi access points. Attackers can trick users into connecting to their malicious networks and thereby gain the capability to mount further attacks. Although some recognition and prevention techniques have been proposed, they have been impractical and thus have not seen any adoption. To quantify the scale of the threat of evil twin attacks we performed a field study with 92 participants to collect their WiFi usage patterns. With this data we show how many of our participants are potentially open to the evil twin attack. We also used the data to develop and optimize a context-based recognition algorithm, that can help mitigate such attacks. While it cannot prevent the attacks entirely it gives users the chance to detect them, raises the amount of effort for the attacker to execute such attacks and also significantly reduces the amount of vulnerable users which can be targeted by a single attack. Using simulations on real-world data, we evaluate our proposed recognition system and measure the impact on both users and attackers. Unlike most other approaches to counter evil twin attacks our system can be deployed autonomously and does not require any infrastructure changes and offers the full benefit of the system to early adopters.