Public Wi-Fi

Public Wi-Fi offers a convenient solution, allowing us to work, browse, and socialize online while on the go. However, this convenience can come with hidden risks.

Evil Twin Attack

An evil twin attack is a cyber attack where a hacker creates a fraudulent Wi-Fi network that looks legitimate to users. This deceptive network typically has a name similar to a legitimate network nearby, tricking users into connecting to it instead. Hackers strategically select locations with high concentrations of public Wi-Fi users, such as airports, coffee shops, libraries, hotels, shopping malls, and conference centers.

Once a user connects to the fake network, the hacker can intercept all communication between the user’s device and the internet. This interception allows the attacker to eavesdrop on sensitive information transmitted over the network, such as login credentials, personal data, and financial information. Additionally, the hacker can deploy various malicious techniques, such as injecting malware into the victim’s device or redirecting web traffic to phishing websites.

Rogue Access Points

Rogue access points (RAPs) are unauthorized access points that connect to existing networks. Malicious actors might use them to bypass security or launch internal attacks. Unintentional RAPs can be created by users unaware of security protocols. The presence of an RAP weakens network security and increases the risk of data breaches or malware propagation.

Techniques Used to Fool People

Deceptive naming | The attacker crafts a network name that closely resembles the legitimate one. They might manipulate the name by adding or removing characters, using slight variations in spelling or capitalization. For example, the legitimate network name might be “CoffeeShop_FreeWifi,” while the evil twin could be named “Coffee_Shop_Free_Wifi” or “CoffeeShop_Guest_WiFI”.

Signal strength manipulation | In some cases, attackers might deliberately make the evil twin network's signal stronger than the legitimate one's. This can trick devices with automatic connection settings into connecting to the stronger (fake) network.

Social engineering | Attackers might leverage social engineering techniques to entice users to connect. This could involve sending pop-up messages or notifications advertising “free Wi-Fi” that directs users to the fake network.

Unsecured network | If the legitimate network is open and unsecured (no password required), users might be more likely to connect without hesitation, increasing the chance of falling victim to the evil twin.
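One way a defender could check a Wi-Fi scan for the tricks listed above, as an added example that is not part of the original page. The scan rows, BSSIDs, allowlist and the 0.75 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed scan results: (SSID, BSSID, signal in dBm, security). Not real captures.
SCAN = [
    ("CoffeeShop_FreeWifi",   "aa:bb:cc:00:00:01", -62, "WPA2"),
    ("Coffee_Shop_Free_Wifi", "de:ad:be:ef:00:01", -41, "OPEN"),
    ("CoffeeShop_Guest_WiFI", "de:ad:be:ef:00:02", -55, "OPEN"),
    ("CoffeeShop_FreeWifi",   "de:ad:be:ef:00:03", -38, "OPEN"),
    ("Library-Public",        "aa:bb:cc:00:00:09", -70, "WPA2"),
]

# Assumed allowlist, e.g. details confirmed with venue staff (hypothetical values).
KNOWN = {"ssid": "CoffeeShop_FreeWifi",
         "bssids": {"aa:bb:cc:00:00:01"},
         "security": "WPA2"}

def normalize(ssid):
    """Drop case, separators and punctuation so cosmetic variations collapse."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def assess(scan, known, threshold=0.75):
    """Return {bssid: [reasons]} for networks that imitate the known one.

    A BSSID can be cloned, so an empty result does not prove a network is genuine.
    """
    ref = normalize(known["ssid"])
    legit = max((sig for _, b, sig, _ in scan if b in known["bssids"]), default=None)
    findings = {}
    for ssid, bssid, signal, security in scan:
        if (ssid, security) == (known["ssid"], known["security"]) and bssid in known["bssids"]:
            continue  # matches the allowlisted access point
        if ssid == known["ssid"]:
            reasons = ["same SSID from unlisted BSSID"]
        elif SequenceMatcher(None, normalize(ssid), ref).ratio() >= threshold:
            reasons = ["lookalike SSID"]
        else:
            continue  # unrelated network
        if security != known["security"]:
            reasons.append("security downgrade")
        if legit is not None and signal > legit:
            reasons.append("stronger than known AP")
        findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for bssid, reasons in assess(SCAN, KNOWN).items():
        print(bssid, "->", ", ".join(reasons))
```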

How to Avoid 

  1. Verify Wi-Fi network names | Carefully examine the available Wi-Fi networks. Legitimate networks typically have unique names associated with the venue or establishment providing the connection. Confirm the official name of the Wi-Fi network with a trusted source at the establishment, like a staff member.
     
  2. Unsecured network warning signs | Avoid connecting to open, unsecured networks altogether. Public Wi-Fi networks that lack password protection present a prime opportunity for cybercriminals to execute evil twin attacks. Often labeled “open” or “unsecured,” these networks allow anyone within range to connect without authentication. While convenient for users seeking quick internet access, they pose significant security risks. Legitimate networks typically require a password for access, offering an additional layer of security.
     
  3. Limited activity on public Wi-Fi | Minimize sensitive activities like online banking, entering passwords for financial accounts, or making online purchases while connected to public Wi-Fi. These activities involve transmitting sensitive data, making them prime targets for interception. For tasks you cannot skip, such as checking a bank balance, consider waiting until you’re on a secure, private network.
     
  4. Use a Virtual Private Network (VPN) | Consider using a reputable VPN service, especially on public Wi-Fi. A VPN encrypts your internet traffic, making it harder for attackers to intercept your data, even if they trick you into connecting to a fake network. Choose a VPN service with a strong reputation for security and privacy. TFCA staff need to use TFCA's VPN even if they don't need to connect to the network.