The Dangers of Evil Twin Wi-Fi Hotspots

Coming Soon to a Coffee Shop Near You


Do you ever think twice before connecting to a free public wireless hotspot at a coffee shop, airport, or hotel? Did you ever stop to wonder if the public Wi-Fi hotspot you just connected to is a legitimate one, or if it might be an Evil Twin hotspot in disguise?

An Evil Twin hotspot is a Wi-Fi access point set up by a hacker or cybercriminal. It is meant to mimic a legitimate hotspot provided by a nearby business, such as a coffee shop that provides free Wi-Fi access to its patrons.

An Evil Twin hotspot mimics a legitimate hotspot in just about every way, including the legitimate SSID (wireless network name), but the Evil Twin's intentions are more sinister in nature.

Hackers and/or cybercriminals create Evil Twin hotspots to allow them to both eavesdrop on network traffic and insert themselves into the data conversation between their victims and the servers that the victims access while connected to the Evil Twin hotspot.

By imitating a legitimate hotspot and tricking users into connecting to it, a hacker or cybercriminal can then steal account names and passwords and redirect victims to malware sites, phishing sites, etc. The perpetrators can also view the contents of files that the victims download or upload while they are connected to the Evil Twin access point.

Victims that connect to Evil Twin hotspots don't even know that they are connecting to a rogue access point because the perpetrators use the SSID (network name) of the legitimate access point.

The whole experience is transparent to the victim. Most of the time the hacker allows the victims to reach their intended Internet destinations while secretly eavesdropping on the network traffic, stealing information as the victims attempt to log in to their e-mail, provide credit card numbers while shopping online, etc.

How can I Tell if I'm Connecting to an Evil Twin vs. a Legitimate Hotspot?

You likely won't be able to tell whether you're connecting to a good hotspot or a bad one. Hackers will make every effort to use the same SSID name as the legitimate access point. They often go a step further and clone the MAC address of the true access point so that they will be seen as a Base Station Clone, which further strengthens the illusion.

The Evil Twin hotspot owner may attempt to boost his or her hotspot's signal strength so that it overpowers the legitimate one.

Hackers don't have to set up a big, ugly hardware-based access point to create an Evil Twin hotspot. Hackers can use hotspot-emulating software that utilizes the Wi-Fi network adapter in their notebook PC as the hotspot. Having this level of portability and concealment allows them to position themselves nearer to a potential victim, which may help them to overpower the signal coming from the legitimate access point.
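A defender's view of the SSID and MAC cloning described above, as an added example that is not part of the original article: a small Python check over Wi-Fi scan records that flags a network name advertised with differing security settings, or one MAC address (BSSID) heard on more than one channel. The record layout, the sample data, and the function name `find_suspicious` are constructed for illustration, and a careful clone that matches channel and security settings would not be flagged, which is why you usually can't tell.

```python
from collections import defaultdict

# Constructed sample scan records (illustrative, not from the article):
# (ssid, bssid, channel, security)
SAMPLE_SCAN = [
    ("CoffeeShop_Free", "02:aa:bb:00:00:01", 6, "WPA2"),
    ("CoffeeShop_Free", "02:AA:BB:00:00:01", 11, "WPA2"),  # same MAC, second channel
    ("Airport_WiFi", "02:10:20:00:00:01", 1, "WPA2"),
    ("Airport_WiFi", "02:de:ad:00:00:09", 1, "open"),      # same name, no encryption
    ("HotelGuest", "02:44:55:00:00:01", 36, "WPA2"),
    ("HotelGuest", "02:44:55:00:00:02", 40, "WPA2"),       # ordinary multi-AP network
]


def find_suspicious(scan):
    """Return sorted (ssid, reason) pairs for networks worth a second look."""
    by_ssid = defaultdict(list)
    for ssid, bssid, channel, security in scan:
        # MAC addresses are case-insensitive, so normalise before comparing.
        by_ssid[ssid].append((bssid.lower(), channel, security))

    findings = set()
    for ssid, aps in by_ssid.items():
        # One network name advertised with different security settings:
        # a legitimate multi-AP deployment normally uses a single setting.
        if len({security for _, _, security in aps}) > 1:
            findings.add((ssid, "mixed-security"))

        # The same BSSID heard on more than one channel suggests two radios
        # are claiming one MAC address (a possible Base Station Clone).
        channels = defaultdict(set)
        for bssid, channel, _ in aps:
            channels[bssid].add(channel)
        if any(len(seen) > 1 for seen in channels.values()):
            findings.add((ssid, "bssid-on-multiple-channels"))

    return sorted(findings)


if __name__ == "__main__":
    for ssid, reason in find_suspicious(SAMPLE_SCAN):
        print(f"{ssid}: {reason}")
```

Both checks are heuristics and can produce false positives, for example when an access point changes channel between two scans.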

What can I do to Protect Myself From Evil Twin Hotspots?

There aren't a lot of ways to defend against this type of attack. You would think that wireless encryption would prevent this type of attack, but according to WatchGuard, it is not an effective deterrent because Wi-Fi Protected Access (WPA) doesn't encrypt user data until after the association between the victim's network device and the access point has already been established.

One of the ways suggested by the Wi-Fi Alliance to protect yourself from Evil Twin access points is to use a Virtual Private Network (VPN). The encrypted tunnel provided by the VPN helps to secure all traffic between your VPN-capable device and the VPN server.

Virtual Private Networks (VPNs) used to be a luxury that only large corporations could afford to provide their employees, but now personal VPN services are plentiful and cheap, starting at around $5 a month. Check out our article on Personal VPNs for help selecting a personal VPN service.

Other than avoiding open public hotspots, you can help reduce the eavesdropping risk associated with Evil Twin hotspots by only logging into your e-mail and other sites via HTTPS-secured pages instead of unencrypted HTTP.

Sites such as Facebook, Gmail, and others feature HTTPS login options.
