The Dangers of "Evil Twin" Wi-Fi Hotspots

Coming soon to a coffee shop near you

Hacker wearing black mask and hoodie at laptop

Gu / Getty Images

Do you ever think twice before connecting to a free public wireless hotspot at a coffee shop, airport, or hotel? Did you ever stop to wonder if the public Wi-Fi hotspot you just connected to is a legitimate one, or if it might be an Evil Twin hotspot in disguise?

An "Evil Twin" hotspot is a Wi-Fi access point set up by a hacker or cybercriminal. It mimics a legitimate hotspot, including the ​service set identifier (SSID), also known as the primary network name, provided by a nearby business, such as a coffee shop that provides free Wi-Fi access to its patrons.

Why Do Hackers Create Evil Twin Hotspots?

Hackers and other cybercriminals create Evil Twin hotspots so they can eavesdrop on network traffic and insert themselves into the data conversation between their victims and the servers that the victims access while connected to the Evil Twin hotspot.

By imitating a legitimate hotspot and tricking users into connecting to it, a hacker or cybercriminal can then steal account names and passwords and redirect victims to malware sites, phishing sites, etc. The perpetrators can also view the contents of files that the victims download or upload while they are connected to the Evil Twin access point.

How Can I Tell If I'm Connecting to an Evil Twin vs. a Legitimate Hotspot?

You likely won't be able to tell whether you're connecting to a good hotspot or a bad one. Hackers will make every effort to use the same SSID name as the legitimate access point. They often go a step further and clone the MAC address of the true access point so that they will be seen as a Base Station Clone, which further strengthens the illusion.

Hackers don't have to set up a big ugly hardware-based access point to create an Evil Twin hotspot. Hackers can use hotspot emulating software that utilizes the Wi-Fi network adapter in their laptop as the hotspot. Having this level of portability and concealment helps them be near a potential victim, which may aid them to overpower the signal coming from the legitimate access point. If necessary, the cybercriminal can also boost the signal strength so that it overpowers the legitimate network signal.

What Can I Do to Protect Myself From Evil Twin Hotspots?

There aren't a lot of ways to defend against this type of attack. You would think wireless encryption would prevent this type of attack, but it isn't an effective deterrent because Wi-Fi Protected Access (WPA) doesn't encrypt user data until after the association between the victim's network device and the access point has already been established.

One of the ways suggested by the Wi-Fi Alliance to protect yourself from Evil Twin access points is to use a Virtual Private Network (VPN). Using the encrypted tunnel provided by the VPN helps to secure all traffic between your VPN-capable device and the VPN server.

Virtual Private Networks (VPNs) used to be a luxury that only large corporations could afford to provide their employees, but now personal VPN services are plentiful and cheap, starting at around $5 a month. 

Other than avoiding open public hotspots, you can help reduce the eavesdropping risk associated with Evil Twin hotspots by only logging into your e-mail and other sites via HTTPS secured pages instead of using HTTP unencrypted. Sites such as Facebook, Gmail, and others feature HTTPS login options.