It's crucial to heed warnings about using public Wi-Fi in places like airports.

It's crucial to heed warnings about using public Wi-Fi in places like airports.
It's crucial to heed warnings about using public Wi-Fi in places like airports.
  • The number of "evil twin" attacks targeting public Wi-Fi in airports and coffee shops is increasing, as referred to by cybersecurity experts.
  • The affordability of digital twinning technology has made cyberattacks more appealing to hackers, with the ability to execute them for less than $500.
  • On-the-go internet access can be securely protected using VPNs and mobile hotspots.

Travelers are frequently advised to steer clear of public Wi-Fi in places such as airports and coffee shops. Despite this knowledge, the allure of free Wi-Fi is too great for both travelers and hackers, who are now employing an outdated cybercrime technique to exploit the vulnerabilities.

In Australia, an arrest during the summer raised concerns in the US that cybercriminals are discovering new ways to exploit "evil twin" attacks for profit. These attacks, also known as "Man in the Middle" attacks, involve setting up a fake Wi-Fi network, typically in public areas where many users are likely to connect.

An Australian man was accused of setting up a fake Wi-Fi network to steal email or social media credentials on domestic flights and airports in Perth, Melbourne, and Adelaide.

The prevalence of free Wi-Fi is leading to an increase in evil twinning attacks, as people are less likely to read terms and conditions or verify URLs when using public Wi-Fi, according to Matt Radolec, vice president of incident response and cloud operations at Varonis.

Radolec stated that it's almost a game to see how quickly one can click "accept" and then "sign in" or "connect." This is especially true when visiting a new location, as a user may not even know what a legitimate site should look like when presented with a fake site.

Today's 'evil twins' can more easily hide

One of the risks of modern twinning attacks is that the technology is more easily concealed. An evil twin can be a compact gadget that can be hidden behind a display in a coffee shop, and the small device can cause significant harm.

Brian Alcorn, a Cincinnati-based IT consultant, stated that a device like this can create a convincing copy of a legitimate login page, enticing unsuspecting users to enter their username and password, which would then be harvested for malicious purposes.

"After entering your information, the deed is done," Alcorn stated, noting that a weary traveler might assume the airport Wi-Fi is experiencing issues and not give it another thought.

Individuals who use easily guessable passwords, such as their pet's name or favorite sports team, are more vulnerable to an evil twin attack. Alcorn warns that reusing username and password combinations online can lead to the rapid acquisition of credentials by cybercriminals through AI.

"Alcorn stated that you can be easily exploited by someone with limited equipment and skills, as long as they are motivated and have basic IT knowledge."

How to avoid becoming a victim of this cybercrime

It's advised to avoid using public WiFi networks in public spaces, according to experts.

To prevent evil twin attacks, I prefer using my phone's mobile hotspot, according to Brian Callahan, Director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute.

If a user relies on their phone's mobile data and shares it via a mobile hotspot, they may be able to spot an attack.

Callahan stated that since you created the network, you will recognize its name and can set a strong password unique to you for connecting.

VPNs can also provide protection by encrypting traffic to and from them, Callahan said.

He stated that even though others can view the data, they have no power to act upon it.

Airport, airline internet security issues

Boingo is responsible for providing WiFi at Dallas Fort Worth International Airport.

"The airport's IT team cannot access their systems or view usage and dashboards because the network is isolated from DAL's systems, which are a separate standalone system with no direct connection to any of the City of Dallas' networks or systems internally."

Boingo, which serves around 60 airports in North America, can detect unauthorized Wi-Fi access points through its network management. A Boingo spokeswoman stated that the best way for passengers to safeguard their online experience is by using Passpoint, which employs encryption to automatically link users to verified Wi-Fi networks. Since 2012, Boingo has provided Passpoint to improve Wi-Fi security and prevent the risk of connecting to malicious hotspots.

Alcorn claims that evil twin attacks are happening frequently in the US, but they are difficult to detect due to their stealthy nature. Additionally, hackers may use these attacks as a learning opportunity to improve their skills. According to Alcorn, some evil twin attacks may be experimental in nature, with individuals using their novice-to-intermediate skills to test their abilities and avoid detection.

The arrest, rather than the evil twinning attack, was the surprise in Australia.

"The suspect's arrest in this incident is unusual, as airlines are not typically equipped to handle or mediate hacking accusations. The lack of arrests and punitive action in such cases should motivate travelers to exercise caution with their own data, as it is a tempting and usually unguarded target, especially at the airport."

According to the Australian Federal Police, many individuals had their credentials stolen in Australia.

The AFP reported that individuals attempting to connect their devices to free WiFi networks were redirected to a fraudulent webpage demanding login information via email or social media. The man allegedly saved the obtained details onto his devices.

After obtaining the victims' credentials, their bank account information could be extracted.

To be successful, hackers don't need to deceive everyone. It's enough to convince a small group of people, which is statistically easier when there are many busy and rushed individuals in a crowded place like an airport.

"We anticipate Wi-Fi to be accessible in all places, including hotels, airports, coffee shops, and even when we're out and about. Callahan stated, "It's just another network name in the long list when you're at an airport. An attacker only needs some people to connect to their evil twin and enter their credentials on compromised websites.""

To ensure complete safety at the airport, always bring your own Wi-Fi.

United Airlines signs deal with Starlink to bring free Wi-Fi to flights starting next year
by Kevin Williams

Technology