How The State & Hackers Hack (And How to Stop Them) – Part 5: Evil Twin Hotspot

A fake Wi-Fi hotspot, or "Evil Twin" hotspot, is a Wi-Fi access point set up by a hacker or state spies which mimics a legitimate hotspot including the service set identifier (SSID) provided by a business or organization which is nearby, such as a coffee shop or hotel that provides free Wi-Fi access to its customers.

They are often named 'honeypots' because they lure their targets in with free Wi-Fi. They are extremely difficult to detect and can be some of the most audacious and impressive hacking methods 'in the wild'. The tools to create a fake wi-fi hotspot are cheap, easy to use, and the methodology easier to grasp.

WHAT IS A FAKE Wi-Fi HOTSPOT?

Financial and business areas, military sites & government research facilities, airports, hotels, conferences, & conventions are prime targets for this attack. The following article identifies San Diego Wi-Fi as being the most vulnerable airport in America for malicious Wi-Fi spots.

https://www.hackread.com/top-10-vulnerable-airports-where-your-device-can-be-hacked/

A hacker will make his access point look like a genuine free Wi-Fi hotspot so 'Starbucks FREE Wi-Fi' may labelled 'Google Starbucks'. Below is an extreme example of a Starbucks networks during DEFCON – A famous hackers conference held annually in Las Vegas.

When the target joins the honeypot network, he can do all the normal things he would on the official hotspot – browse websites etc. Hackers who set up the hotspot are spoofing web traffic to appear as the sites they want to visit.

WHAT DO HACKERS COLLECT

They may Steal usernames, passwords, browsing history via a 'man in the middle attack' – it works by convincing the target and a friendly site that they are talking to each other. Such as a customer logging into his banking website. Data can be stolen from both the bank and the customer and altered as the hacker wishes.

- Or the hacker could just download all the files on a target's computer including photos, videos, blueprints etc.

- Or they might redirect the target to a malware site so the computer can be accessed at any time in the future (usually overnight) to steal sensitive data. From there they may begin to remotely hijack the computer to attack the target's larger team, organization, or company. Children or partners of targets can become a gateway for a determined hacker by this method: hack a family computer and leapfrog to the system of the employer of one of the adults.

HOW TO SPOT ONE

It is very difficult to spot a fake hotspot as hackers deploy every trick possible - like using the same name as the real access point and can even clone its MAC address to be displayed as the base station clone. They can also boost the signal strength to entice the target further.

- Any free Wi-Fi not requiring login to connect should be very suspect.

- Check the URL on any sites you access that they have HTTPS (The S means secure) before the address instead of HTTP.

HOW TO AVOID THEM

Assume all public networks are not secure and could be open to attack. Even access points that prompt for login could be an evil twin or representing a hotspot which never existed. Our advice – do not connect to free or open Wi-Fi EVER.

But if you must then consider these actions:

- Make sure none of your devices 'auto-join' networks, that the software is up to date and firewall plus malware detection is on. As explained previously none of these steps alone are fool proof.

- Go ask a member of staff at the location for the Wi-Fi network and ask if that is the correct one or not.

- Common sense.

If your computer is acting strange in any way then disconnect everything and conduct a full malware scan using the steps explained in part 3 (LINK).

- Purchase your own portable Wi-Fi hotspot and harden its security so that you never need to use public Wi-Fi.

- Purchase and use a solid VPN (Virtual Private Network).

WI-FI SPOOFING KIT ON AMAZON

The hacking equipment can be found very cheap online, and the guidance is understandable, even to lesser tech-savvy types. The coffee shop hacker may be wearing or using a device like these below. We do not suggest you purchase any nor do we suggest you yourselves do anything illegal. But it is very important for you to know that it is out there and the risk is real.