Taking advantage of the ubiquitous wifi hotspots you find when you’re shopping, traveling, or just going out for a cup of coffee is perfectly natural. It’s practical and convenient, which is the point of such technology. However, public wifi hotspots are probably the riskiest digital environment you can find. Evil twin attacks are one of the factors that make them so dangerous, so it’s a good idea to learn what they are and how you can protect yourself.
Evil twin attacks: What are they?
Imagine that a hacker in a public wifi network sets up a wifi fake access point that mimics an authentic one near it. That’s an evil twin attack. As the users connect to the phony node, all their traffic goes through a computer in the hacker’s hands, so he becomes privy to everything the user does online.
Hackers don’t need many resources to develop an evil twin. Even a smartphone will do the trick as long as it has the right software in it. Evil twin attacks are most frequent in public wifi hotspots.
The mechanics of an evil twin attack
So let’s initiate you in the arcane arts of evil twin attacks. Here is how they work:
Finding the right spot
The attacker starts by finding a good place to set up the shop. This would be a busy place, popular, and with known public wifi access. So airports, hotels, libraries, and coffee houses fit the bill. Even better, from the hacker’s point of view, these places often offer multiple nodes with the same name, making the evil twin’s existence even harder to detect.
Setting up the wifi access point
The next step is to have a look at the local traffic to notice the names of the legitimate networks or their Service Set Identifier (SSID). Then you set up another access point using the exact name of one of the surrounding SSIDs. This new node can be a smartphone, a laptop, a tablet, or a portable router. The hacker also has the option to use a wifi pineapple to increase its range. Any device that connects to the evil twin can’t tell the difference.
Encouraging users to use the evil twin
If the hacker moves closer to a given user in the environment, the evil twin’s signal will be much stronger for that user. So naturally, that’s an incentive to connect, and many devices are configured to pick the most vital signals by default.
Setting up a fake portal
Most public wifi services will take you to a portal in which you need to provide some credentials before you can go ahead and surf the web or do anything else online. Unfortunately, hackers will mimic this portal to have the users provide them with login credentials and other data.
Stealing the data
If you connect to one of these fake spots, the hacker becomes your ISP. Then, the attack moves to the next step, known as “Man in the middle.” Finally, the hacker monitors all your traffic. So if you log in to your Facebook account, the hacker will have the means to retrieve your login and password.
What makes evil twin attacks so dangerous?
Evil twin attacks are exceedingly dangerous because they take everything away to a third party when they succeed. Login credentials to all types of websites (from social networks to banking accounts) and financial information (if the victim performed any economic operation while online with the evil twin). On top of that, the hacker has an open field for installing any malware he wants into your device.
Worst of all, this attack leaves no forensic evidence, so victims will likely notice something only when it’s too late.
An example
Somebody goes to their favorite coffee house. It’s nice, within walking distance, and it has wifi. So he gets there, orders his favorite hot drink, sits down, and connects to the internet via wifi. He comes to this establishment often, he’s used this wifi node hundreds of times without problems, so there’s nothing to be afraid of.
But this time, something is different. Your “friendly” neighborhood hacker liked this place for today, and it’s “working” there. But, unfortunately, he has an evil twin running using the same SSID name as the coffee shop’s usual wifi access point. Moreover, he’s seated next to our hypothetical friend, so the evil twin’s signal is stronger than the real one. So the unavoidable happens: the unsuspecting victim’s device connects to the evil twin.
Our friend performs a money transfer to a friend’s account while he’s online. Unfortunately, he is not using a VPN, which would have saved him from the evil twin’s owner’s prying eyes. So the hacker has the victim’s banking credentials. And the victim is none the wiser until, days later, he notices that some unrecognized transactions have happened in his account.
The difference between evil twins and rogue access
Evil twins are not rogue access points. So there are similarities, but there are also two key differences:
- A rogue access point is an unwanted access point that grants access to a network from the outside. Its purpose is not in data gathering but in network intrusion.
- An evil twin is a replica of a legitimate access point. Its purpose is not to break into a network.
So you could consider evil twins as types of rogue access points, but they’re still different things.
So you fell for the evil twin attack. What now?
If you are suffering from financial loss due to an evil twin attack, the first thing to do is to ask your bank or credit card company for help immediately.
Change the passwords in all your accounts.
If things are bad enough, consider asking your local law enforcement to get involved.
Protecting your devices from evil twins
Evil twin attacks are quiet, subtle, and effective. But there’s still plenty for you to do to protect yourself.
Stay away from unsafe wifi access points
If you have to use a wifi service while you’re out and about, avoid those marked as “unsecured.” Evil twins are almost always in this category.
Use your own wifi
You will remain safe from hackers if you always use your personal wifi network. You will always be in a reliable network. It’s much harder for hackers to con you into an evil twin of your own hotspot. Remember to have a password to protect your access point.
Pay attention to warnings
Pay attention if your device warns about suspicious things happening while connecting to a network. Yes, these warnings can be annoying, but they are there to protect you. So stop ignoring them and, if they happen, be extra careful.
Turn your auto-connect feature off
If your auto-connect is on, it will connect you automatically to any network you’ve previously been in when it’s in rage. This is not what you want when you’re in public. And it’s an even worse idea if you unknowingly consider that you could have been an evil twin in the past. So disable your auto-connect whenever you’re not home, and make sure you authorize any connection by hand.
Use public wifi prudently
Personal or financial transactions on public wifi are terrible unless you have a VPN you can trust implicitly. Even if you’re not in an evil twin spot, if the wifi is unprotected, your data is not encrypted, and a third party can still sniff it.
Adopt multi-factor authentication
Using more than two steps to log into any system takes away some of the convenience of digital services. Still, if you’re on a public wifi network, you must prioritize security above all else.
Stick to HTTPS webs
HTTPS websites have end-to-end encryption, protecting you from hackers and third parties.
Use a VPN
A VPN will encrypt all of your traffic, so even if you fall into the hands of an evil twin, the owner will never figure out what you’re doing online.
Apart from having a WiFi VPN, other security measures can also help you. One of them is to get a security suite online on your device (like Kaspersky Internet Security).
For corporations
Organizations also can help in the fight against evil twin attacks by taking these measures:
- Use a Personal Security Key (PSI) to secure every access point. Ensure that every employee has the key.
- Install a Wireless Intrusion Prevention System (WISP) to keep away intruders using unsecured access points.
- Ensure that everybody in the organization knows the correct SSID name of your legitimate access points.
- Keep an eye on your local wifi traffic. Always look for other nodes that are mimicking your SSIDs.
Conclusion
Hackers are getting more sophisticated every day. They keep developing new tools for mischief, and the old ones keep improving. Evil twins are but one of many tricks and resources they can deploy. It’s subtle, quiet, hard to detect, and devastating when it works.
However, if you are aware of your security online, keeping safe from evil twins is not so different from keeping yourself safe in general. Always remain mindful of the resources you are using, and be prudent about what you do while you’re online in public.
Last but not least, get a VPN. It’s the best line of defense against evil twin attacks, and it’s also effective against almost every online security threat out there.
