What Is an Evil Twin Attack? Wireless Attacks Explained | AP Cybersecurity

AP Cybersecurity Topics › Evil Twin & Rogue APs

Unit 1 • Topic 1.3 • Best Practices for Public Networks

What Is an Evil Twin Attack? Plus Jamming & War Driving Explained

An evil twin is a fake Wi-Fi access point that impersonates a real network so victims connect to it. Topic 1.3 also covers jamming and war driving. Each is a distinct wireless attack with a distinct goal.

Three wireless attacks, three goals
How to defend
Real-world example
Key terms
Match it up
Check for Understanding
FAQ

Evil twinimpersonate

Jammingdisrupt

War drivingdiscover

Three wireless attacks, three different goals.

Three wireless attacks, three goals

Evil twin (rogue access point): the attacker broadcasts a network with the same name as a trusted one, so victims connect and route traffic through the attacker. The goal is interception. Jamming: the attacker floods the area with signal to disrupt the legitimate network, often to push users onto a fake one. The goal is disruption.

War driving: the attacker drives or walks around detecting wireless networks and their settings to map targets. The goal is discovery, not immediate interception.

Scenario

An attacker first records network names around a neighborhood, then sets up a laptop broadcasting the same name as a real network at a cafe. Name each step.

Reveal answer

Step one is war driving (discovering networks). Step two is an evil twin (impersonating a real network to capture traffic).

Exam tip

Match the attack to its goal: evil twin impersonates, jamming disrupts, war driving discovers. The verbs are the discriminator.

How to defend

The same Topic 1.3 protections apply: verify the exact network name to avoid the evil twin, use a VPN so intercepted traffic stays encrypted, and consider data sensitivity before connecting at all.

If a known network suddenly drops and a look-alike appears, treat it as suspicious; that pattern can be jamming used to push you onto an evil twin.

Scenario

Your usual cafe network stops working and an identical name appears with a stronger signal. What should you suspect?

Reveal answer

Jamming paired with an evil twin. The real network may be disrupted to push you onto the fake one. Verify the name and use a VPN, or wait.

Real-world example

Airport evil-twin case (2024)

Authorities in Australia reported charging a traveler who ran fake Wi-Fi networks at airports and on flights, copying real network names to harvest people's logins.

Verify the exact network name before connecting.

Key Terms

Evil twin	A rogue access point impersonating a real network to intercept traffic.
Rogue access point	An unauthorized access point, often an evil twin.
Jamming	Flooding an area with signal to disrupt the real network.
War driving	Moving around to detect and map wireless networks.
SSID	The broadcast name of a wireless network.

Match It Up

Tap a term, then tap its definition. Correct pairs lock in green.

Term

Definition

All matched. Nice work.

Common Mistakes

Confusing evil twin with jamming

Evil twin impersonates to intercept; jamming disrupts. Different goals.

Thinking war driving steals data directly

War driving discovers networks. The data theft comes later through another attack.

Trusting the stronger signal

Attackers often broadcast a stronger signal to win the connection. Signal strength is not trust.

Assuming a matching name means safety

An evil twin copies the name exactly. Verify with the venue, not by name alone.

Check for Understanding

Predict your answer before you tap. Click a choice to check it and read why.

Question 1

An attacker broadcasts a network with the same name as a cafe's real Wi-Fi to capture traffic. This is:

B. Impersonating a real network name to intercept traffic is an evil twin (rogue access point).

Question 2

Which attack's primary goal is to DISRUPT a wireless network?

A. Jamming floods the area with signal to disrupt the legitimate network.

Question 3

Match the attacks to goals. I. Evil twin = impersonate. II. Jamming = disrupt. III. War driving = discover.

C. All three pairings are correct.

Question 4 Predict first

An attacker drives a neighborhood recording Wi-Fi names and encryption types. This is:

D. Detecting and mapping wireless networks while moving is war driving.

Question 5 Predict first

Your known network drops and an identical-named network appears with a stronger signal. The BEST response is:

A. This pattern suggests jamming plus an evil twin. Verify and encrypt, or do not connect.

Question 6

Which protection most directly defeats an evil twin?

D. Verifying the network name prevents connecting to a look-alike rogue access point.

Frequently Asked Questions

An evil twin is a rogue access point that broadcasts the same name as a trusted network so victims connect to it, letting the attacker intercept their traffic.

An evil twin impersonates a network to intercept traffic; jamming disrupts the legitimate network, often to push users onto the fake one.

War driving is moving through an area to detect wireless networks and their settings, mapping potential targets for later attacks.

← PreviousPublic Wi-Fi Dangers Next →VPNs & Protecting Data

Keep studying

All Topics Unit 1 Study Guide Practice Questions

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Typically responds within 24 hours

✓

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

Name *

Email *

I am a... (optional)

Which course? (optional)

Phone (optional)

How did you find us? (optional)

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Message (optional — leave blank if just subscribing)

✉

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

⏱

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]