Over the years, travelers have been urged to avoid public Wi-Fi in areas like airports and coffee shops. Airport Wi-Fi, in particular, is recognized to be a hacker honeypot due to normally inadequate security measures. Despite the fact that many people are aware that free Wi-Fi should be avoided, it remains alluring to both tourists and hackers, who are now modernizing a classic cybercrime method to take advantage.
The allure of free Wi-Fi is understandable, especially for travelers who may be trying to conserve their mobile data or stay connected during long layovers. However, this convenience comes at a potentially high cost. Cybercriminals are well aware of this vulnerability and have been increasingly targeting these public hotspots. The ease with which these attacks can be carried out, combined with the potential for significant data theft, has made airport Wi-Fi a prime target for malicious actors.
An arrest in Australia this summer raised concerns in the United States that cybercriminals are developing new ways to profit from so-called "evil twin" attacks. Evil twinning, also known as "Man in the Middle" assaults, occurs when a hacker or hacking organization creates a phony Wi-Fi network, usually in public places where a large number of users are likely to connect.
In this case, an Australian man was accused of launching a Wi-Fi attack on domestic aircraft and airports in Perth, Melbourne, and Adelaide. He allegedly created a bogus Wi-Fi network to steal email or social media passwords.
"As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common," said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.
"It's practically a game to see how fast you can click 'accept' and then'sign in' or 'connect.' This is the ruse, especially when visiting a new place; a user may not even know what a legitimate site should seem like when confronted with a fraudulent site," Radolec explained.
The sophistication of these attacks has grown significantly in recent years. Hackers are now employing advanced techniques to make their fake networks appear more legitimate. They may use official-looking logos, mimic the login process of popular websites, or even create fake captive portals that closely resemble those used by legitimate airport Wi-Fi networks. This level of detail makes it increasingly difficult for even tech-savvy users to distinguish between genuine and malicious networks, further highlighting the importance of exercising caution when connecting to any public Wi-Fi.
Today's 'evil twins' can simply hide
One of the risks of modern twinning assaults is that the technique is much easier to conceal. An evil twin can be a modest device hidden behind a display at a coffee shop, but it can have a large impact.
"A device like this can serve up a compelling copy of a valid login page, which could invite unwary device users to enter their username and password, which would then be collected for future exploitation," Brian Alcorn, a Cincinnati-based IT consultant, stated.
The website does not even need to log you in. "Once you've entered your information, the deed is done," Alcorn said, adding that a harried, exhausted traveler would most likely assume the airport Wi-Fi is down and not worry about it again.
People who are careless with passwords, such as using their pet's names or favorite sports teams as passwords for everything, are especially vulnerable to evil twin attacks. According to Alcorn, if consumers overuse login and password combinations online, once the credentials are stolen, they can be fed into AI, which can swiftly provide thieves with the key.
"You are susceptible to exploitation by someone with less than $500 in equipment and less skill than you might imagine," according to Alcorn. "The attacker just has to be motivated with basic IT skills."
How to prevent being a victim of this cybercrime
When in public settings, experts recommend using alternatives to public WiFi networks.
"My favorite way to avoid evil twin attacks is to use your phone's mobile hotspot if possible," said Brian Callahan, Director of Rensselaer Polytechnic Institute's Cybersecurity Collaboratory.
Users would be able to detect an assault if their phone relied on mobile data and shared it over a mobile hotspot.
"You will know the name of that network since you made it, and you can put a strong password that only you know on it to connect," Callahan told the audience.
If a hotspot is not an option, Callahan suggests using a VPN, which should encrypt communication to and from the VPN.
"So even if someone else can see the data, they can't do anything about it," he replied.
While these precautions are essential, it's also important for travelers to be proactive in protecting their devices and data. Regularly updating operating systems and applications can help patch known vulnerabilities that hackers might exploit. Additionally, enabling two-factor authentication on important accounts adds an extra layer of security, making it more difficult for cybercriminals to access sensitive information even if they manage to obtain login credentials. Travelers should also consider using password managers to generate and store unique, complex passwords for each of their accounts, reducing the risk of widespread compromise if one set of credentials is stolen.
Airport and airline internet security concerns
Many airports outsource WiFi management, and the airport has little, if any, participation in ensuring its security. At Dallas Fort Worth International Airport, for example, Boingo provides Wi-Fi.
"The airport's IT team does not have access to their systems, nor can we see usage and dashboards," according to an airport official. "The network is isolated from DAL's systems as it is a separate standalone system with no direct connection to any of the City of Dallas' networks or systems internally."
According to a representative for Boingo, which serves around 60 airports in North America, their network management system can detect unauthorized Wi-Fi access points. "The best way passengers can be protected is by using Passpoint, which uses encryption to automatically connect users to authenticated Wi-Fi for a safe online experience," she said, adding that Boingo has been offering Passpoint since 2012 to improve Wi-Fi security and eliminate the risk of connecting to malicious hotspots.
Alcorn claims that evil twin attacks "definitely" occur on a regular basis in the United States; it is just rare for someone to be caught because they are such covert attacks. Sometimes hackers employ these attacks as a learning tool. "Many evil twin attacks may be experimental by individuals with novice-to-intermediate skills just to see if they can do it and get away with it, even if they don't use the collected information right away," he told me.
The arrest, rather than the diabolical twinning attack, caught Australia off guard.
"This incident isn't unique, but it is unusual that the suspect was arrested," said Aaron Walton, threat analyst at Expel, a managed services security business. "In general, airlines are unprepared to deal with or mediate hacking allegations. The normal absence of arrests and punitive action should encourage tourists to be cautious with their personal data, knowing what an attractive and sometimes vulnerable target it is, particularly at airports."
According to the Australian Federal Police, scores of people's credentials were stolen.
According to an AFP press release, "When people attempted to connect their devices to the free WiFi networks, they were directed to a fake webpage requiring them to sign in using their email or social media logins. These details were then purportedly saved on the man's gadgets."
Once those credentials were obtained, they might be used to extract more information from the victims, such as bank account information.
Hackers do not need to deceive everyone in order to succeed. They will succeed if they can persuade even a small number of individuals, which is statistically easy when thousands of frazzled and hurried people are wandering around an airport.
"We expect Wi-Fi to be ubiquitous. When we go to a hotel, an airport, a coffee shop, or even simply out and about, we expect to find Wi-Fi, which is often free," Callahan said.
The implications of these attacks extend beyond individual travelers. Businesses whose employees frequently travel are also at risk. Sensitive corporate data transmitted over unsecured networks can be intercepted, potentially leading to significant financial losses or reputational damage. As a result, many companies are now implementing strict policies regarding the use of public Wi-Fi and providing employees with secure alternatives, such as company-issued mobile hotspots or VPN services. This shift in corporate policy highlights the growing recognition of the serious threat posed by evil twin attacks and other forms of cybercrime targeting public Wi-Fi networks.
Bring your own Wi-Fi the next time you visit the airport to ensure your safety.
