Evil twin attack on Wi-Fi network has been a challenging security problem and several solutions have been proposed to this problem. In general, evil twin attack aims to exfiltrate data, like Wi-Fi and service credentials, from the client devices and considered as a serious threat at MAC layer. IoT devices with its companion apps provides different pairing methods for provisioning. The "SmartConfig Mode", the one proposed by Texas Instrument (TI) and the "Access Point pairing mode (AP mode)" are the most common pairing modes provided by the application developer and vendor of the IoT devices. Especially, AP mode use Wi-Fi connectivity to setup IoT devices where a device activates an access point to which the mobile device running the corresponding mobile application is required to connect. In this paper, we have used evil twin attack as a weapon to test the security posture of IoT devices that use Wi-Fi network to set them up. We have designed, implemented and applied a system, called iTieProbe, that can be used in ethical hacking for discovering certain vulnerabilities during such setup. AP mode successfully completes when the mobile device is able to communicate with the IoT device via a home router over a Wi-Fi network. Our proposed system, iTieProbe, is capable of discovering several serious vulnerabilities in the commercial IoT devices that use AP mode or similar approach. We evaluated iTieProbe's efficacy on 9 IoT devices, like IoT cameras, smart plugs, Echo Dot and smart bulbs, and discovered that several of these IoT devices have certain serious threats, like leaking Wi-Fi credential of home router and creating fake IoT device, during the setup of the IoT devices.

翻译：Wi-Fi网络中的邪恶双子攻击一直是一个具有挑战性的安全问题，已有多种解决方案被提出。通常，邪恶双子攻击旨在从客户端设备窃取数据（如Wi-Fi和服务凭据），被认为是MAC层的严重威胁。物联网设备及其配套应用程序提供了多种用于初始配置的配对方式。“SmartConfig模式”（由德州仪器公司提出）和“接入点配对模式（AP模式）”是应用程序开发者和物联网设备厂商最常用的配对方式。特别地，AP模式通过Wi-Fi连接来配置物联网设备：设备激活一个接入点，运行对应移动应用的移动设备需要连接至该接入点。在本文中，我们利用邪恶双子攻击作为手段，测试使用Wi-Fi网络进行配置的物联网设备的安全状况。我们设计、实现并应用了一个名为iTieProbe的系统，该系统可用于道德黑客攻击，以发现此类配置过程中的特定漏洞。当移动设备能够通过Wi-Fi网络经由家庭路由器与物联网设备通信时，AP模式即成功完成。我们提出的iTieProbe系统能够发现使用AP模式或类似方法的商用物联网设备中的多个严重漏洞。我们在9款物联网设备（如物联网摄像头、智能插座、Echo Dot和智能灯泡）上评估了iTieProbe的有效性，并发现其中多款设备在配置过程中存在严重威胁，例如泄漏家庭路由器的Wi-Fi凭据以及创建虚假物联网设备。