Security News Why it’s time to take warnings about using public Wi-Fi, in places like airports, seriously

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,664
Over the years, travelers have repeatedly been warned to avoid public Wi-Fi in places like airports and coffee shops. Airport Wi-Fi, in particular, is known to be a hacker honeypot, due to what is typically relatively lax security. But even though many people know they should stay away from free Wi-Fi, it proves as irresistible to travelers as it is to hackers, who are now updating an old cybercrime tactic to take advantage.

An arrest in Australia over the summer set off alarm bells in the United States that cybercriminals are finding new ways to profit from what are called “evil twin” attacks. Also classified within a type of cybercrime called “Man in the Middle” attacks, evil twinning occurs when a hacker or hacking group sets up a fake Wi-Fi network, most often in public settings where many users can be expected to connect.




In this instance, an Australian man was charged with conducting a Wi-Fi attack on domestic flights and airports in Perth, Melbourne, and Adelaide. He allegedly set up a fake Wi-Fi network to steal email or social media credentials.

“As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common,” said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.

“It’s almost a game to see how fast you can click “accept” and then ‘sign in’ or ‘connect.’ This is the ploy, especially when visiting a new location; a user might not even know what a legitimate site should look like when presented with a fake site,” Radolec said.

Today’s ‘evil twins’ can more easily hide

One of the dangers of today’s twinning attacks is that the technology is much easier to disguise. An evil twin can be a tiny device and can be tucked behind a display in a coffee shop, and the small device can have a significant impact.

“A device like this can serve up a compelling copy of a valid login page, which could invite unwary device users to enter their username and password, which would then be collected for future exploitation,” said Cincinnati-based IT consultant Brian Alcorn.




The site doesn’t even have to actually log you in. “Once you’ve entered your information, the deed is done,” Alcorn said, adding that a harried, weary traveler probably would just think the airport Wi-Fi is having issues and not give it another thought.

People who are not careful with passwords, such as use of pet’s names or favorite sports teams as their password for everything, are even more vulnerable to an evil twin attack. Alcorn says for individuals who reuse username and password combinations online, once the credentials are obtained they can be fed into AI, where its power can quickly give cybercriminals the key.

“You are susceptible to exploitation by someone with less than $500 in equipment and less skill than you might imagine,” Alcorn said. “The attacker just has to be motivated with basic IT skills.”

How to avoid becoming a victim of this cybercrime​

When in public places, experts say it’s best to use alternatives to public WiFi networks.

“My favorite way to avoid evil twin attacks is to use your phone’s mobile hotspot if possible,” said Brian Callahan, Director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute.

Users would be able to spot an attack if through a phone relying on its mobile data and sharing it via a mobile hotspot.

“You will know the name of that network since you made it, and you can put a strong password that only you know on it to connect,” Callahan said.

If a hotspot isn’t an option, a VPN can also provide some protection, Callahan said, as traffic should be encrypted to and from the VPN.

“So even if someone else can see the data, they can’t do anything about it,” he said.

Airport, airline internet security issues​

At many airports, the responsibility for WiFi is outsourced and the airport itself has little if any involvement in safeguarding it. At Dallas Fort Worth International Airport, for example, Boingo is the Wi-Fi provider.

“The airport’s IT team does not have access to their systems, nor can we see usage and dashboards,” For said an airport spokesman. “The network is isolated from DAL’s systems as it is a separate standalone system with no direct connection to any of the City of Dallas’ networks or systems internally.”

A spokeswoman for Boingo, which provides service to approximately 60 airports in North America, said it can identify rogue Wi-Fi access points through its network management. “The best way passengers can be protected is by using Passpoint, which uses encryption to automatically connect users to authenticated Wi-Fi for a safe online experience,” she said, adding that Boingo has offered Passpoint since 2012 to enhance Wi-Fi security and eliminate the risk of connecting to malicious hotspots.

Alcorn says evil twin attacks are “definitely” occurring with regularity in the United States, it’s just rare for someone to get caught because they are such stealth attacks. And sometimes hackers use these attacks as a learning model. “Many evil twin attacks may be experimental by individuals with novice-to-intermediate skills just to see if they can do it and get away with it, even if they don’t use the collected information right away,” he said.

The surprise in Australia wasn’t the evil twinning attack itself, but the arrest.

“This incident isn’t unique, but it is unusual that the suspect was arrested,” said Aaron Walton, threat analyst at Expel, a managed services security company. “Generally, airlines are not equipped and prepared to handle or mediate hacking accusations. The typical lack of arrests and punitive action should motivate travelers to exercise caution with their own data, knowing what a tempting and usually unguarded -target it is — especially at the airport.”

In the Australian case, according to Australian Federal Police, dozens of people had their credentials stolen.

According to a press release from the AFP, “When people tried to connect their devices to the free WiFi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices.”

Once those credentials were harvested, they could be used to extract more information from the victims, including bank account information.

For hackers to be successful, they don’t have to dupe everyone. If they can persuade only a handful of people – statistically easy to do when thousands of harried and hurried people are milling around an airport – they will succeed.

“We expect WI-Fi to be everywhere. When you go to a hotel, or an airport, or a coffee shop, or even just out and about, we expect there to be Wi-Fi and often freely available WI-FI,” Callahan said. “After all, what’s yet another network name in the long list when you’re at an airport? An attacker doesn’t need everyone to connect to their evil twin, only some people who go on to put credentials into websites that can be stolen.”

The next time you’re at the airport, the only way to be 100% sure you’re safe is to bring your own Wi-Fi.
 

bazang

Level 7
Jul 3, 2024
337
> Over the years, travelers have repeatedly been warned to avoid public Wi-Fi in places like airports and coffee shops.

People do it not because they do not understand that it is a security risk (although 99% do not understand the exact technical reasons for those risks). They do it because, despite all the danger, they want the connectivity benefit of the completely insecure network. Many just cannot help themselves. They are so dependent upon connectivity that they will expose themselves to significant digital danger.

Warning people about digital dangers is extremely ineffective in getting people to change their priorities and behaviors.

Instant gratification is the world's top priority - across all nations, across all social and economic classes, across all human groups.

Microsoft CoPilot says: "With the rise of technology and the internet, most people in the world today have become accustomed to getting what they want almost immediately, whether it’s information, entertainment, or even shopping. This shift has had a significant impact on our lifestyles and expectations."

Expectations are driven to a large extent by priorities.
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,664
Warning people about digital dangers is extremely ineffective in getting people to change their priorities and behaviors.

Instant gratification is the world's top priority - across all nations, across all social and economic classes, across all human groups.
Indeed.

Users with access to ISP wi-fi hotspots should take advantage of them when available.
 

bazang

Level 7
Jul 3, 2024
337
Users with access to ISP wi-fi hotspots should take advantage of them when available.
Users that suffer losses or damages because of insecure, but very convenient public wifi should be able to recover those losses or damages from those providing the insecure wifi.

The surest way to solve the problem - make the public wifi provider accountable and responsible for what users do or do not do to secure themselves; nobody will make insecure public wifi available and thereby users cannot shoot themselves in the foot.

Solve the problem by the most effective method - take it away from users.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top