Over the years, travelers have been repeatedly warned to avoid using public Wi-Fi networks in places like airports and cafes. Airport Wi-Fi, in particular, is known to be a honeypot for hackers, due to what is usually considered relatively lax security. But although many people know they should stay away from free Wi-Fi, it's proving as irresistible to travelers as it is to hackers, who are now updating an old cybercrime tactic to take advantage.
An arrest in Australia over the summer raised alarm bells in the United States that cybercriminals are finding new ways to profit from so-called “evil twin” attacks. Also classified as a type of cybercrime called “man-in-the-middle” attacks, evil twinning occurs when a hacker or hacking group creates a fake Wi-Fi network, often in public places where many users are expected to connect.
In this case, an Australian man was accused of carrying out a Wi-Fi attack on domestic flights and airports in Perth, Melbourne and Adelaide. He allegedly created a fake Wi-Fi network to steal email or social media credentials.
“As the general public becomes more accustomed to free, ubiquitous Wi-Fi, you can expect evil twin attacks to become more common,” said Matt Radolek, vice president of incident response and cloud operations at data security firm Varonis. Terms and conditions or check URLs on free WiFi.
“It's almost a game to see how quickly you can click 'Accept' and then 'Log In' or 'Connect.'” That's the trick, especially when visiting a new site, and the user may not even know what a legitimate site should look like when they Posted on a fake website.
Today's “evil twins” can hide more easily
One of the dangers of dual attacks today is that the technology is much easier to camouflage. The evil twin can be a small device that can be placed behind a display screen in a coffee shop, and a small device can have a big impact.
“A device like this could present a disguised version of a valid login page, which could invite unwary device users to enter their username and password, which would then be collected for future exploitation,” said Brian Alcorn, a Cincinnati-based IT consultant.
The site doesn't even need you to actually log in. “Once you enter your information, it's done,” Alcorn said, adding that a weary traveler might just think the airport Wi-Fi is having problems and not give it another thought.
People who don't care about passwords, such as using the names of their pets or favorite sports teams as passwords for everything, are more vulnerable to an evil twin attack. For individuals who reuse username and password combinations online, once the credentials are obtained, they can be fed to the AI, the power of which can quickly give cybercriminals the key, Alcorn says.
“You're vulnerable to being exploited by someone with less than $500 in equipment and less skill than you might imagine,” Alcorn said. “The attacker must be motivated with basic IT skills.”
How to avoid becoming a victim of this cyber crime
When in public places, experts say it's best to use alternatives to public WiFi.
“My favorite way to avoid evil twin attacks is to use your phone's mobile hotspot if possible,” said Brian Callahan, director of the Rensselaer Cybersecurity Collaborative at Rensselaer Polytechnic Institute.
Users will be able to detect the attack if it is through a phone that relies on its mobile data and sharing it via a mobile hotspot.
“You'll know the name of that network from the time you created it, and you can set a strong password that only you will know to connect to it,” Callahan said.
If hotspot isn't an option, a VPN can also provide some protection, as traffic to and from the VPN must be encrypted, Callahan said.
“So, even if someone else could see the data, they wouldn't be able to do anything about it,” he said.
Airports, cyber security issues for airlines
In many airports, responsibility for the WiFi network is outsourced, and the airport itself has little involvement in protecting it. At Dallas-Fort Worth International Airport, for example, Boingo is the Wi-Fi provider.
“The airport's IT team cannot access their systems, and we cannot see usage and dashboards,” an airport spokesman, Fore, said. “The network is isolated from DAL systems because it is a separate standalone system with no direct connection to any of the City of Dallas networks or systems internally.”
A spokeswoman for Boingo, which provides service to about 60 airports in North America, said it can identify rogue Wi-Fi access points through its network management. “The best way to protect passengers is to use Passpoint, which uses encryption to automatically connect users to an authenticated Wi-Fi network for a secure online experience,” she said, adding that Boingo has offered Passpoint since 2012 to enhance Wi-Fi security and eliminate the risks of connecting to hotspots. Harmful communication.
Alcorn says evil twin attacks “absolutely” happen regularly in the United States, and it's rare for someone to be caught because they are hidden attacks. Sometimes hackers use these attacks as an educational model. “Many evil twin attacks may be experimental by individuals with novice to intermediate skills just to see if they can do it and get away with it, even if they don't use the information gathered right away,” he said.
The surprise in Australia was not the evil twin attack itself, but the arrest.
“This incident is not unique, but it is unusual for a suspect to be arrested,” said Aaron Walton, a threat analyst at Expel, a managed services security company. “In general, airlines are not equipped and prepared to handle or mediate hacking accusations. The usual lack of arrests and punitive measures should motivate travelers to be cautious with their private data, knowing how tempting an unguarded target usually is – especially at airports.” airport.”
In the Australian case, according to the Australian Federal Police, dozens of people's credentials were stolen.
According to an AFP press release, “When people tried to connect their devices to free WiFi networks, they were taken to a fake web page asking them to log in using their email or social media logins. These details were then allegedly saved on their devices The man.”
Once these credentials are collected, they can be used to extract further information from victims, including bank account information.
For hackers to succeed, they don't have to fool everyone. If they can convince just a handful of people – which is statistically easy when thousands of people are rushing around the airport – they will succeed.
“We expect Wi-Fi to be everywhere. When you go to a hotel, an airport, a coffee shop, or even outside the home, we expect Wi-Fi to be there and often for free.” Callahan said. “After all, what's another network name on the long list when you're at an airport? An attacker doesn't need everyone to connect to his evil twin, just some people putting credentials into websites that can be stolen.”
Next time you're at the airport, the only way to be 100% sure you're safe is to bring your own Wi-Fi.