Evil Twins: The Dark Side of Using Wifi Hotspots

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Wifi has made hotspot hopping the favorite new American pastime. Now we can go from Starbucks to the park, then on to the airport and the plane without ever losing our ability to stay in touch.

But there can be a high price for all that connectivity. Because most wifi hotspots are unencrypted, they’re wide open to hackers. “Consumers are focused on getting online, not on their safety,” says Lisa Phifer, President of Core Competence, which focuses on network technology and security.“Most people don’t really know what they’re connecting to.”

Phifer says there’s a chance that the wifi hotspot you’re about to log onto could be an impostor – called an Evil Twin. Sound like something out of a B Sci Fi movie?  It’s actually much scarier. Evil Twins (also called WiPhishing) are designed to look like real wifi hotspots. When people are using the Internet through an Evil Twin, they can unknowingly expose their passwords and other sensitive online data to hackers. According to the Wi-Fi Alliance, a sophisticated Evil Twin can even control what websites appear when users access the Internet. That allows hackers to capture their passwords.

How to Spot an Evil Twin

Phifer says there are some tipoffs that you’ve logged on to an Evil Twin: “Look for strange variations in the logo, the lettering and the wording of sites whose names you recognize.”

“If you connect to a commercial wifi hotspot and aren’t asked for payment, that could spell big trouble,” she says.

Since an Evil Twin attack can be launched from a laptop, it can be closer to the victim than the real wifi hotspot.  So its signal might be stronger.

“If you see a known public wifi hotspot in an inappropriate location – like an airline hotspot that’s on the ground – that could also mean you’re in danger,” says Phifer.

What about those two little computer symbols that often appear when we’re trying to connect to a wireless network. “That’s a sign that you’re connecting to somebody else’s laptop – an ad hoc (peer to peer) network,”says Phifer. “That’s not a public wifi hotspot.” Not all ad hocs are dangerous.  But figuring out which ones are is virtually impossible in the virtual world.  So it’s best to avoid them.

Phifer has demonstrated Evil Twin attacks at security conferences around the country. “Even when I’m setting up and I warn people not to log on, they do it anyway,” she says.

Evil Twins Make Man-in-the-Middle Attacks Possible

Once an Evil Twin has access to your computer, it can launch a man-in-the-middle (MITM) attack to steal information that you send over the Internet. “This kind of attack can be executed against different applications including web, files and email,” says Phifer.

In an MITM attack, the hacker intrudes into an Internet connection, eavesdropping, intercepting data that’s exchanged and even injecting false information. According to Phifer, these are tip-offs that you’re the victim of a man-in-the-middle attack:

  • You visit a website or server that usually requires secure access. But  today it doesn’t. Check for the absence of the padlock symbol in your browser or “https” in the URL.
  • You get a warning from your browser that the site’s certificate is invalid or the site’s name doesn’t match the certificate.
  • You visit a website or server that doesn’t usually require secure access. But today it looks and acts different than it did yesterday.

These symptoms can occur for other reasons, like a website update in progress. But they are signs that you should exercise caution.

Evil Twin and man-in-the-middle attacks leave you vulnerable to identity theft and credit fraud. Your Internet security depends on protecting yourself.

What You Can Do

  • Make sure any laptop you use at a public wifi hotspot has a firewall and antivirus software with the latest security updates.
  • Turn off wireless connectivity when you’re not using it.
  • Disable printer and file sharing options when you’re at a hotspot.
  • Avoid logging into public hotspots that don’t have secure login pages, indicated by the padlock in your browser and “https” in the URL.
  • Use a VPN (virtual privacy network) like PRIVATE WiFi™ to ensure that your information is transmitted through an invisible secure tunnel. Phifer’s advice: “It’s unwise to be conducting business like online banking at a wifi hotspot without a VPN.”

Have you had a nasty encounter with  an Evil Twin?  Or has your computer been hijacked by a man-in-the-middle Attack? Tell us about it. We’d like to hear your story.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jan Legnitto

Jan Legnitto is an investigative journalist and documentary producer who writes about criminal justice and intelligence issues. Jan is also a frequent contributor to the Private I blogs.

2 Responses

  1. August 29, 2011

    […] networks even after you leave the plane. This means that a you could inadvertently connect to an “Evil Twin” using that name, perhaps belonging to a hacker in the airport lounge. Think of free public WiFi as […]

  2. December 18, 2012

    […] in-flight networks even after you leave the plane. This means you could inadvertently connect to an “Evil Twin” belonging to a hacker in the airport lounge. Think of free public WiFi as “bait” by an Evil […]