An evil twin is a malicious Wi-Fi hotspot that pretends to be a legitimate one. Hackers use evil twins to steal your information if you connect to one. Here’s how a VPN can help.
Connecting to public Wi-Fi can already be risky, but now you have to worry about “evil twins”? It’s a crazy world, and some people want to make it even crazier. Next time you connect to the local mall’s free Wi-Fi, consider if it’s legitimate, or a fake. It’s easy for hackers to masquerade as legitimate users.
By creating a fake Wi-Fi hotspot, a cybercriminal can eavesdrop on network traffic and intercept any data flowing across it. Using an evil twin, the hacker can carry out a man-in-the-middle attack. We’ve mentioned them briefly before, but here’s a recap. A man-in-the-middle (MitM) attack is when a hacker secretly relays and/or changes communication between two parties.
This can be between two people, or between a person and the rest of the internet. The most common example is active eavesdropping: a hacker gets between two people who are talking to each other, intercepts their messages and relays them. The people think they’re talking with each other, but it’s really the hacker who controls the conversation.
So now that it’s possible for hackers to create fake Wi-Fi hotspots, what can they do with them? Besides MitM attacks, a criminal could steal your identity with an evil twin. According to the Identity Theft Resource Center, about 24% of people using free Wi-Fi have made purchases with credit cards.
Another study showed that 26% of Americans access their bank accounts on public Wi-Fi, 9% paid bills online and 8% sent emails containing sensitive information like Social Security Numbers. Now imagine how big this problem becomes around tax season. Cybercriminals create evil twins to intercept your network traffic and steal account numbers, passwords, photos & videos and a whole lot more.
For example: let’s say you’re at your favorite coffee shop. You pull your phone out while you wait, and see two Wi-Fi hotspots: “Coffee Shop” and “CoffeeShop_FREE.” Which one are you going to choose? Many people might pick the free one without thinking, because most public Wi-Fi is free anyway. Now, instead of connecting to the real coffee shop Wi-Fi, you’ve just connected to an evil twin.
Even if you’re not sharing sensitive information, it’s still dangerous. If you’re on a laptop, the hacker could even secretly install spyware onto your computer. At the 2016 Olympics in Rio, mobile security company Skycure found multiple evil twin hotspots around the city. These hackers were hoping to steal data from millions of visitors and tourists.
How To Protect Yourself
There’s really only one solution to staying safe on public Wi-Fi, and that solution is using a VPN. A VPN will encrypt your network traffic to prevent anyone from stealing it.
Using a VPN can help in about 95% of situations involving public Wi-Fi. Even if you believe that the Wi-Fi you’re using is safe, it’s still a good idea to use a VPN. If you’re suspicious, there are a couple of warning signs.
First, the majority of legitimate public Wi-Fi hotspots require you to agree to their terms and conditions before you connect. The provider does this to keep the network safe. If the connection speed is unusually slow, that could be another sign. Not all legitimate public Wi-Fi is fast, so don’t take that as the only sign.
One thing to do is check your device’s settings. On a smartphone such as an iPhone, you can go into Settings > Wi-Fi and look for Ask to Join Networks. You should turn this setting on. It means that your iPhone won’t automatically connect to free Wi-Fi when you’re in public. You’ll have to manually connect to a network, but it’s much safer.
If you suspect that you’ve connected to an evil twin, you can go into the Wi-Fi settings and select Forget This Network. You can find this on an iPhone by going to Settings > Wi-Fi. Next to the Wi-Fi SSID (name) of the network, click the blue “i” in a circle. You’ll then see the option to have your phone forget it.
Another thing to watch out for: make sure the address of the website you’re connecting to begins with HTTPS. Not all legitimate websites have moved towards using HTTPS. But many sites do, especially banking websites.
For advanced users and network administrators, it’s possible to discover and prevent evil twin access points. A tool called EvilAP_Defender can help. You can run the software at regular intervals to protect your wireless network. You can configure the program to send you an email alert when it detects an evil twin.
To give the IT admin more time to take the evil twin down, the software can even DoS legitimate wireless users to prevent them from connecting to the malicious hotspot. But this only works for evil twins that have the same SSID but a different BSSID (the evil twin’s MAC address). That restriction prevents the tool from DoSing your legitimate network. The tool detects evil twins with the following characteristics:
- An evil twin with a different BSSID
- An evil twin with the same BSSID but a different attribute, including channel, cipher, privacy protocol and authentication
- An evil twin with the same BSSID and attributes but a different tagged parameter. Tagged parameters are additional values sent along with the beacon frame (mostly a different OUI).
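The three checks in the list above can be written as a comparison of each observed beacon against a whitelist of known access points. This is an added example, not EvilAP_Defender's own code; the `AP` record, the `classify` function and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    """Fields taken from one beacon (hypothetical record, not the tool's schema)."""
    ssid: str
    bssid: str                      # access point MAC address
    channel: int
    privacy: str                    # e.g. "WPA2" or "OPN"
    cipher: str                     # e.g. "CCMP"
    auth: str                       # e.g. "PSK"
    ouis: frozenset = frozenset()   # vendor OUIs from the beacon's tagged parameters

ATTRS = ("channel", "privacy", "cipher", "auth")

def classify(seen, whitelist):
    """Compare one observed beacon with the whitelisted APs that share its SSID."""
    same_ssid = [ap for ap in whitelist if ap.ssid == seen.ssid]
    if not same_ssid:
        return "not our SSID"
    known = next((ap for ap in same_ssid
                  if ap.bssid.lower() == seen.bssid.lower()), None)
    if known is None:
        return "evil twin: different BSSID"
    changed = [a for a in ATTRS if getattr(seen, a) != getattr(known, a)]
    if changed:
        return "evil twin: same BSSID, different " + ", ".join(changed)
    if seen.ouis != known.ouis:
        return "evil twin: same BSSID and attributes, different tagged parameters"
    return "legitimate"

def scan_report(scan, whitelist):
    """Return (bssid, verdict) for every beacon in a scan."""
    return [(ap.bssid, classify(ap, whitelist)) for ap in scan]

# Constructed sample data: one whitelisted AP and five observed beacons.
OUI = frozenset({"00:50:f2"})
WHITELIST = [AP("CoffeeShop", "02:00:00:aa:bb:01", 6, "WPA2", "CCMP", "PSK", OUI)]
SCAN = [
    AP("CoffeeShop", "02:00:00:AA:BB:01", 6, "WPA2", "CCMP", "PSK", OUI),
    AP("CoffeeShop", "02:00:00:cc:dd:02", 6, "WPA2", "CCMP", "PSK", OUI),
    AP("CoffeeShop", "02:00:00:aa:bb:01", 6, "OPN", "", "", OUI),
    AP("CoffeeShop", "02:00:00:aa:bb:01", 6, "WPA2", "CCMP", "PSK",
       OUI | {"00:11:22"}),
    AP("Library", "02:00:00:ee:ff:03", 1, "WPA2", "CCMP", "PSK", OUI),
]

if __name__ == "__main__":
    for bssid, verdict in scan_report(SCAN, WHITELIST):
        print(bssid, "->", verdict)
```

A beacon that matches the whitelist on every compared field is reported as legitimate, so treat this comparison as one signal rather than proof.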
You’ll need other software set up in order to use EvilAP_Defender:
- Aircrack-ng suite – your wireless card also obviously needs to support Aircrack
- Python libraries: MySQLdb, Scapy and Netaddr