Case of study: Identity theft in a university WLAN: Evil twin and cloned authentication web interface

Abstract

This paper is about the insecurity of the Wireless LAN of a university that is supposed to be available only for students and teachers through a username and a password. This attack shows how to deceive a user making him think he is connecting to a real access point and entering his information in the real web interface that the university provides for user authentication. We create a fake access point using the same name of the university's WLAN to capture login credentials using a fake authentication web interface and then use this information for identity theft. After the demonstration we present possible solutions and recommendations to be aware and avoid this kind of attacks that are a high risk for the security of students and teachers.