Over the years, travelers have been repeatedly warned to avoid public Wi-Fi in places like airports and coffee shops. Airport Wi-Fi, in particular, is known to be a hacker honeypot due to relatively lax security. But while many people know to stay away from free Wi-Fi, it’s proving as irresistible to travelers as it is to hackers, who are now updating an old cybercrime tactic to take advantage of it.
An arrest in Australia over the summer raised alarm in the United States that cybercriminals are finding new ways to profit from so-called “evil twin” attacks, which fall under a type of cybercrime called “man-in-the-middle” attacks. Evil twinning occurs when a hacker or group of hackers sets up a fake Wi-Fi network, most often in public settings where many users are expected to connect.
In this case, an Australian man was charged with Wi-Fi attacks on domestic flights and airports in Perth, Melbourne and Adelaide. He allegedly created a fake Wi-Fi network to steal email or social media credentials.
“As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common,” said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.
“It’s almost a game to see how fast you can click ‘accept’ and then ‘login’ or ‘login.’ That’s the trick, especially when a user visits a new site, they might not even know what a legitimate site should look like when they’re presented with a fake site,” Radolec said.
Today’s “evil twins” can be more easily hidden
One of the dangers of today’s twinning attacks is that the technology is much easier to mask. An evil twin can be a tiny device and can be placed behind a screen in a coffee shop, and the small device can have a big impact.
“A device like this can create a deceptive copy of a valid login page, which could invite unwary users of the device to enter their username and password, which would then be harvested for future exploitation,” said Cincinnati-based IT consultant Brian Alcorn.
The site doesn’t even need to connect to you. “Once you enter your information, the deed is done,” Alcorn said, adding that a flustered, tired traveler would likely think the airport’s Wi-Fi is in trouble and never think twice.
People who are not careful with passwords, such as using pet names or favorite sports teams as passwords for everything, are even more vulnerable to an evil twin attack. Alcorn says that for people who reuse username and password combinations online, once the credentials are acquired they can be fed to AI, where its power can quickly give cybercriminals the key.
“You’re vulnerable to being taken advantage of by someone with less than $500 in equipment and less skill than you might think,” Alcorn said. “The attacker just needs to be motivated with basic IT skills.”
How to avoid becoming a victim of this cyber crime
When in public places, experts say it’s best to use alternatives to public Wi-Fi networks.
“My favorite way to avoid evil twin attacks is to use your phone’s mobile hotspot if possible,” said Brian Callahan, Director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute.
Users will be able to detect an attack if they rely on their phone’s mobile data and share it through a mobile hotspot.
“You’ll know the name of that network since you built it, and you can put in a strong password that only you know to log in,” Callahan said.
If a hotspot isn’t an option, a VPN can also provide some protection, Callahan said, as traffic should be encrypted to and from the VPN.
“So even if someone else can see the data, they can’t do anything about it,” he said.
Airport, airline internet security issues
In many airports, responsibility for Wi-Fi is outsourced and the airport itself has little or no involvement in securing it. At Dallas Fort Worth International Airport, for example, Boingo is the Wi-Fi provider.
“The airport’s IT team does not have access to their systems, nor can we see the usage and dashboards,” said an airport spokesperson. “The network is isolated from DAL’s systems as it is a separate stand-alone system with no direct connection to any of the city of Dallas’ networks or systems internally.”
A spokeswoman for Boingo, which provides service at about 60 airports in North America, said it can detect rogue Wi-Fi hotspots through its network management. “The best way to protect passengers is by using Passpoint, which uses encryption to automatically connect users to certified Wi-Fi for a secure online experience,” she said, adding that Boingo has offered Passpoint since 2012 to improve Wi-Fi security and eliminate the risk of connecting to malicious hotspots.
Alcorn says evil twin attacks “definitely” happen with regularity in the United States; it’s just rare for anyone to get caught because they’re such sneaky attacks. And sometimes hackers use these attacks as a learning model. “A lot of evil twin attacks can be experimental by people with beginner to intermediate skills, just to see if they can do it and get away with it, even if they don’t use the information gathered right away,” he said.
The surprise in Australia was not the evil twinning attack itself, but the arrest.
“This incident is not unique, but it is unusual that the suspect was caught,” said Aaron Walton, a threat analyst at Expel, a managed services security company. “In general, airlines are not equipped and prepared to handle or mediate allegations of piracy. The typical lack of arrests and prosecutions should motivate travelers to be careful with their own data, knowing how tempting and often unguarded a target it is – especially at the airport.”
In the Australian case, according to the Australian Federal Police, dozens of people had their credentials stolen.
According to a press release from AFP, “When people tried to connect their devices to the free WiFi networks, they were taken to a fake website asking them to sign in using their email or social media credentials. This data was then allegedly stored on the man’s devices.”
Once these credentials are collected, they could be used to extract more information from victims, including bank account details.
For hackers to be successful, they don’t need to fool everyone. If they can convince just a few people – statistically easy to do when thousands of hurried people are circling an airport – they will succeed.
“We expect Wi-Fi to be everywhere. When you go to a hotel, an airport, or a coffee shop, or even just outside, we expect Wi-Fi to be available, and often free Wi-Fi available,” Callahan said. “After all, what’s one more network name on the long list when you’re in an airport? An attacker doesn’t need everyone to connect to his evil twin, just a few people who keep putting credentials on sites that can be stolen.”
The next time you’re at the airport, the only way to be 100% sure you’re safe is to bring your own Wi-Fi.