top of page
Search

Evil Twin Wi-Fi Networks: What They Are & How to Protect Against Them



You don’t want to run over your data on your smartphone, so connecting to public, free Wi-Fi is something everyone does. But is it safe? Today, we will take a look at one of the biggest dangers of connecting to non-secure wireless networks: Evil Twin Wi-Fi Networks. What are they and how do they work? What can you do to protect against them?


So you are out and about, maybe at your local coffee shop, and set up your laptop or smartphone to connect to the free Wi-Fi internet service offered. You click on what you believe is the correct Wi-Fi network, check your Facebook, read email and then check your bank account balance. Meanwhile, a hacker has eavesdropped onto your device and gained access to all of your login information and other personal data. You might not even realize it yet, but you have just been a victim of an “Evil Twin Wi-Fi” attack and your personal information may be at stake.


An Evil Twin is a wireless network posing as a legitimate network.


One of the most dangerous Wi-Fi threats is the “evil twin” AP, an attack technique that has been going strong for 20 years old. Evil twins appear to be authentic by cloning the MAC address and the name or service set identifier (SSID) of an existing AP network, much like phishing attack techniques. For example, a local coffee shop has a free wireless network named “CoffeeShopWiFi.” A hacker, using a device with the proper equipment, can broadcast the same SSID from within the building - they could even be sitting at a table! Ensuring the evil twin signal is stronger than the main network, customers may select this network or their devices may automatically connect for them, having a “Connect Automatically” setting on their device. This setting usually defaults to the stronger connection if there is an option available.


Hackers have also been known to implement a denial of service (DOS) attack on the legitimate network, disconnecting everyone from it and therefore forcing users to select the evil twin network or devices will default to it instead.


Another technique is to add a separate Wi-Fi network name that tricks the user into choosing the fake network by mistake. For example: using “lounge” in the lounge area of a hotel. This is an easy and highly effective trick.


Once a user’s device is connected to an evil twin network, the hacker will eavesdrop on that device, monitor the traffic, redirect the user to malicious sites and trick into downloading malware or trick users into putting in login information or other sensitive data into fake websites, much like how phishing scams work.


What can you do to avoid this risk?

  • Be sure to ask an employee what the correct network connection is before connecting your device.

  • If the network appears to be legit and requires a password, try entering an incorrect one. If the network accepts this incorrect password, then it is most likely an evil twin.

  • Disable any “auto connect” or “auto join” options for public wi-fi networks on your devices.

  • Manually disconnect from a public wi-fi every couple hours and manually reconnect with a password to confirm the connection.

Do You Own a Business with Free Wi-Fi? Here’s what you can do:

  • Clearly post the name of your wireless network and login information to customers in a prominent location so it is highly visible. Make sure the wireless network utilizes a password.

  • Every so often you should confirm the network with your own personal devices and see if there are any other networks trying to impersonate your network. Notify and alert your customers if necessary.

  • If you suspect that an evil twin or other malicious hosts on your property, hire a wireless professional trained in locating malicious AP.


Do you believe that your company is a victim of an evil twin network? Reach out to Cyber Defenders. We’d be happy to help.


Think you’ve been a victim of a malicious attack? Visit the Federal Trade Commission’s consumer website for more information.


Be sure to report any fraudulent activity to the Federal Trade Commission immediately.




0 comments

Recent Posts

See All

Comments


bottom of page