Millions of holidaymakers and travelers around the world connect to public WiFi networks on their mobile devices without too much thought about security. But according to cyber security firm WatchGuard Technologies, the presence of ‘evil twins’ means staying safe online when using public hotspots can be anything but.
A team of WatchGuard researchers visited 40 well-known locations throughout the UK, Europe and the US, including hotels, transport hubs, shops, banks and restaurants, and were able to create a rogue wireless access point, or evil twin, in all but four of the sites visited.
In effect, an evil twin mimics a genuine hotspot so when unsuspecting users connect, they are actually connecting to a hacking device. The evil twin even has the same network name and settings, but in reality, it is a fake from which a hacker can gain access to personal data including passwords or credit card information.
The equipment to set up an evil twin is small enough to be stored in a backpack and is available online for as little as £150. The hacker simply walks into a building, looks for the available WiFi networks and creates the evil twin by replicating the Service Set Identifier (SSID).
The evil twin would then be broadcasting ‘café WiFi’, for example, alongside the legitimate network. When customers with laptops, tablets, smartphones and watches connect to the evil twin version, the attacker can watch and intercept everything an unsuspecting user is accessing or sending.
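Because the twin copies the SSID, a network operator can look for it by comparing what a wireless survey sees against an inventory of its own access points. The sketch below is an added example, not WatchGuard's code or method; the inventory format, the function name `find_evil_twins` and all sample SSIDs and hardware addresses are constructed for illustration.

```python
# Added example: flag access points that reuse a protected SSID but do not
# match the operator's inventory. All names and sample data are constructed.

# Assumed inventory format: SSID -> {BSSID: (channel, security)}
AUTHORIZED = {
    "Cafe WiFi": {
        "aa:bb:cc:00:00:01": (1, "WPA2"),
        "aa:bb:cc:00:00:02": (11, "WPA2"),
    },
}

# Constructed scan results, shaped like the output of a wireless survey.
SCAN = [
    {"ssid": "Cafe WiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 1, "security": "WPA2"},
    {"ssid": "Cafe WiFi", "bssid": "de:ad:be:ef:00:99", "channel": 6, "security": "WPA2"},
    {"ssid": "Cafe WiFi", "bssid": "AA:BB:CC:00:00:02", "channel": 3, "security": "Open"},
    {"ssid": "Neighbour", "bssid": "11:22:33:44:55:66", "channel": 6, "security": "WPA2"},
]

def find_evil_twins(scan, authorized):
    """Return (bssid, reason) for each observation that looks like a twin."""
    findings = []
    for ap in scan:
        known = authorized.get(ap["ssid"])
        if known is None:
            continue  # not one of our network names; out of scope
        bssid = ap["bssid"].lower()  # hardware addresses are case-insensitive
        if bssid not in known:
            findings.append((bssid, "protected SSID from unknown BSSID"))
            continue
        channel, security = known[bssid]
        # A known BSSID with the wrong channel or security suggests that the
        # hardware address was copied along with the SSID.
        if ap["channel"] != channel:
            findings.append((bssid, "known BSSID on unexpected channel"))
        if ap["security"] != security:
            findings.append((bssid, "known BSSID with changed security"))
    return findings

if __name__ == "__main__":
    for bssid, reason in find_evil_twins(SCAN, AUTHORIZED):
        print(f"{bssid}: {reason}")
```

A twin that copies the BSSID, channel and security settings exactly would pass these checks, so an inventory comparison is a first filter rather than a complete detector.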
“Evil twins are not a new problem but there are more and more public WiFi networks and many of us don’t think twice to log on to check emails or social media and do some online shopping,” said Ryan Orsi, director of product management at WatchGuard. “We would advise anyone to only use public hot spots for browsing the web and not for online shopping or banking. But it’s time for the WiFi providers to do more to prevent these threats. It is simple to scan for rogue access points (APs) and evil twins and block them, but most WiFi providers do not do this.”
As part of its effort to encourage more secure WiFi, WatchGuard has started a Trusted Wireless Environment campaign to pursue industry cooperation in building secure WiFi standards to protect users against the six most common WiFi threats.
“When we think about the term staying safe on our holidays, we generally interpret this to mean being vigilant and holding on tight to our physical belongings, but the WiFi threat is real. The speed of WiFi adoption has led to a disconnect between access and security but there is no longer any excuse for providing unsecure WiFi and we shouldn’t have to feel we are living dangerously whenever we log on to a WiFi hotspot,” added Orsi.