Blog, News, and Articles

For many people it is coming up to the holiday season and for businessperson it can be travelling to conferences and other business meetings, which for mean will mean trying to stay connected whilst on the move or staying in hotels using free Wi-Fi services. Whilst these services may be convenient there can be risk for the individual or business.

Quite a few people will be thinking thanks for the warning, but does it really happen? A couple of examples from this year are given below however this is not a new attack with the evil twin attack being around for a long time with a PC World article in 2005 discussing the attack PC World Article Mar 15 2005

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.

The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press release last week. AFP News Release June 28 2024

The audio of German military officers discussing top secret information was intercepted by Russia only because one of them logged in through an insecure line from a hotel room in Singapore, Defense Minister Boris Pistorius confirmed. Politico Article March 5 2024

Many free services use unencrypted connections for the Wi-Fi signal meaning it is easy to eavesdrop, even if there is a login page to allow access to the network that does not mean that once access has been granted the rest of the communication will be secure.

For those that offer an encrypted connection it is often one of the weaker encryption protocols and a pre-shared key that is well known and not changed which will again allow threat actors to eavesdrop.

To ensure secure communications across a connection that could be insecure you need to ensure there is a layer of security applied which can easily be done with a Virtual Private Network (VPN)

An evil twin attack is when a threat attacker creates a Wi-Fi hotspot that impersonates a legitimate Wi-Fi network and then uses it to spy on your internet activity and steal your information, such as login credentials.

Other attacks include eavesdropping on communications through packet sniffing, shoulder surfing where threat actors can see you screen and what you are typing, or Session Hijacking where the threat actors will attempt to capture session cookies and use them to take over you connection to a site.