Abstract
The increasing use of Wi-Fi in higher education also brings security risks, such as Evil Twin Attacks that trick users into connecting to fake access points. This study aims to assess the vulnerability of Universitas Mataram’s Wi-Fi network to such attacks using a multihop model and to propose technical improvements. An ethical penetration testing method was applied using a NodeMCU ESP8266 with Deauther firmware, tested across 13 campus locations. Observed variables included the number of connected devices, user interaction with phishing pages, deauthentication success, and captured credentials. The results reveal that five out of 13 locations (38.46%) were vulnerable, where users were redirected to fake SSIDs and entered credentials, even though most deauthentication attempts failed. These findings highlight that attack success depends not only on deauthentication but also on firmware variation and AP configuration. The study implies the need for network security audits, firmware standardization, stronger authentication with full encryption, and enhanced user awareness to reduce phishing risks.