You might have seen recent reports of a man stealing login details from other people on a flight, using an ‘evil twin’ attack.
Allegedly, he established a Wi-Fi hotspot that looked very like the one available for in-flight Wi-Fi. This is what the word ‘twin’ refers to in this kind of attack.
Typically, this kind of attack is reliant on unsuspecting people using that ‘twin’ hotspot rather than the genuine one. The attackers then capture any login details and other personal information that their targets enter. This, of course, is where the ‘evil’ element of the attack name comes in.
What could the attacker do? They could:
- use that sensitive information to gain access to your accounts in future
- capture your transactions (e.g. bank transfers) and edit the details in their favour
- add malware to your device, so that they can control it even when you are no longer using the evil twin Wi-Fi.
This kind of attack can happen anywhere in public places where free Wi-Fi is available. Coffee shops are an obvious location, as are trains, libraries or airport lounges (not just the flights).
Often the attacker sets up a fake captive portal. This is the page that asks for your name, email address and sometimes a password before you can log in. A captive portal adds credibility to their attack (particularly if it matches the original), but also gives them a little bit of information about the victim which they may be able to use in the future.
The attack is invisible to the victim. You won’t know it has happened until later (and you might not spot it at all).
What can you do to avoid an evil twin attack?
There are steps you can take to reduce your risk of an evil twin attack:
- Avoid unsecured Wi-Fi networks. If you have to use public Wi-Fi, check for near-duplicate hotspot names (one of them might be dodgy)
- Use a personal hotspot—for example, tether your laptop to your mobile
- Avoid using private accounts on public Wi-Fi if you can
- If you must check private accounts in public, put multi-factor authentication in place, to add an extra security layer
- Turn off auto-connect, to avoid accidentally connecting to an evil twin
- Use only HTTPS websites. Those connections are encrypted, so the attacker won’t be able to see your data as it travels to and from the websites you are using
- Use a VPN to encrypt your data
- Pay attention to any alerts that your device provides, and act on them.
If you have staff that have to travel, include information about this kind of attack in your regular cyber security awareness sessions.
Need help with any cyber security issues in your business? Contact the Click and Protect team on 0113 733 6230 or through our contact form.