Hey, welcome back to Secure Robbie! So recently I have been seeing a lot of talks about Evil Twin attacks that have been happening lately. So let’s talk about it first, what’s an Evil Twin?
Well, An Evil twin is a fake Wi-Fi (access point) with the sole purpose of stealing your information. There are many attackers who will go to places that people commonly meet (airports, coffee shops, the workplace) and place a fake Wi-Fi router that looks official and convincing, in hopes that you access it. This can be particularly scary because you usually expect to go to these places and have some level of privacy or security. But the truth is, the only real private networks that we can trust are ours at home. So now let’s take a look at what to look for when it comes to evil twins.
So what does an evil twin look like?
We can see in this example that You “The Victim” is trying to access the Coffeeshop WI-FI. Now we can see that the Coffee Shop’s WI-FI name is “FreeWIFI” and the Hacker has also decided to make a fake access point called “FreeWifi” This is very hard to notice the difference between the two because they both pop up on your Wi-Fi lists as your trying to access public Wi-Fi.
Some Attackers will even try to make it more convincing by overpowering the real Wi-Fi by having a strong connection and trying to knock the Wi-Fi offline. But sometimes this can be a noisy operation so usually attackers will try to be as quiet as possible, by actually sitting in the area where the Wi-Fi is and making sure their Wi-Fi shows up first on the list to prove it’s more “authentic”.
Now many of you might say “Well there has to be a screen where I can confirm the connection” And you are right, there is something called a “captive portal” that helps you to log in and connect with the Wi-Fi, unfortunately attackers can also copy this portal, making it seem convincing…to a point. Luckily for you, Attackers are lazy and make some obvious mistakes when trying to set up these fake portals and Wi-Fi connections SEE BELOW
So what can attackers see when you access their Wi-Fi?
Everything! When we have accidently accessed the wrong Wi-Fi we are prone to everything being seen. Usernames, Passwords, banking information. This can be particularly scary because they can even manipulate what you are doing. For example, If we are making a bank transfer the attacker can reroute your bank transfer to their account and you wouldn’t notice until it’s too late. So it’s always important to make sure we are connected to the right Wi-Fi to prevent any damage to our lives.
How to notice signs of an evil twin attack?
So We already know one clue, and that’s hoping the attacker makes a mistake in creating the Wi-Fi name or on the captive portal. So let’s go over some other good tips that can be useful for everyone to remember, to prevent attacks from happening to them.
Tips
- Pay attention to common mistakes in names or brands
- Always use a VPN when using public wifi
- Watch for alerts that a network is unsecure
- Only access HTTPS websites
- Limit what you do online. No online banking or accessing sensitive websites
So, this is a pretty simple overview of evil twins and what to look for, So next time you access wifi and you have doubts, follow these steps and trust your gut, it will probably save you some heartache and money. I hope you found this article useful and that you can implement these practices into your cyber safety habits.
If you have experienced an Evil twin or have any other tips, please leave a comment below, so we can grow and learn more together. Thank you so much for reading and we will see you next time!