What’s the difference between a rogue access point and an evil twin?


So far from what I’ve understood is that they’re both illegitimate access points designed to trick users into connecting in an attempt to steal their data, so what’s the difference?

In: 1

A rogue access point is an illegitimate access point plugged into a network to create a bypass from outside into the legitimate network. By contrast, an evil twin is a copy of a legitimate access point.

Evil Twin is a kind of Rogue AP.

The most common Rogue AP is an ilegitimate AP that is plugged in a network to create a bypass from outside into the legitime network.

An Evil Twin is a copy of a legitimate AP. The target is different. It tries to hook clients to connect to the fake network to steal information, but is a kind of Rogue AP too

Rogue access point is like, we work in an office. At lunch a few employees you like complain that they don’t have cell or WiFi access during lunch. So to impress everyone, you bring in your own router, unplug your computers Ethernet during lunch, and plug in your router, telling everyone to connect to it.

An Evil Twin is like, I make a router that listens for devices in the area. All devices are constantly sending signals asking if their known networks are available. My Evil Twin hears this call, reconfigures its host name and tells the sending device, *I’m the x network that you’re looking for, send me the password hash…. Correct… Welcome to the (logged) internet. Here, have some extra files free of charge*

A rogue access point is like someone getting access to the bank through a side door that wasn’t supposed to be open. An evil twin is like someone building a replica of the bank nearby, hoping someone will punch the real entry key code into the fake keypad, not realizing it isn’t the real bank.