Ad Banner
Advertisement by Open Privilege

Why you should be careful using public Wi-Fi

Image Credits: UnsplashImage Credits: Unsplash
  •  Evil twin attacks at airports are becoming more sophisticated and common, with hackers creating fake Wi-Fi networks to steal personal information from unsuspecting travelers.
  • Experts recommend using mobile hotspots or VPNs instead of public Wi-Fi to protect against these attacks, as well as implementing strong password practices and enabling two-factor authentication.
  • The threat extends beyond individual travelers to businesses, highlighting the need for corporate policies on public Wi-Fi usage and secure alternatives for employees who frequently travel.

Over the years, travelers have been urged to avoid public Wi-Fi in areas like airports and coffee shops. Airport Wi-Fi, in particular, is recognized to be a hacker honeypot due to normally inadequate security measures. Despite the fact that many people are aware that free Wi-Fi should be avoided, it remains alluring to both tourists and hackers, who are now modernizing a classic cybercrime method to take advantage.

The allure of free Wi-Fi is understandable, especially for travelers who may be trying to conserve their mobile data or stay connected during long layovers. However, this convenience comes at a potentially high cost. Cybercriminals are well aware of this vulnerability and have been increasingly targeting these public hotspots. The ease with which these attacks can be carried out, combined with the potential for significant data theft, has made airport Wi-Fi a prime target for malicious actors.

An arrest in Australia this summer raised concerns in the United States that cybercriminals are developing new ways to profit from so-called "evil twin" attacks. Evil twinning, also known as "Man in the Middle" assaults, occurs when a hacker or hacking organization creates a phony Wi-Fi network, usually in public places where a large number of users are likely to connect.

In this case, an Australian man was accused of launching a Wi-Fi attack on domestic aircraft and airports in Perth, Melbourne, and Adelaide. He allegedly created a bogus Wi-Fi network to steal email or social media passwords.

"As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common," said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.

"It's practically a game to see how fast you can click 'accept' and then'sign in' or 'connect.' This is the ruse, especially when visiting a new place; a user may not even know what a legitimate site should seem like when confronted with a fraudulent site," Radolec explained.

The sophistication of these attacks has grown significantly in recent years. Hackers are now employing advanced techniques to make their fake networks appear more legitimate. They may use official-looking logos, mimic the login process of popular websites, or even create fake captive portals that closely resemble those used by legitimate airport Wi-Fi networks. This level of detail makes it increasingly difficult for even tech-savvy users to distinguish between genuine and malicious networks, further highlighting the importance of exercising caution when connecting to any public Wi-Fi.

Today's 'evil twins' can simply hide

One of the risks of modern twinning assaults is that the technique is much easier to conceal. An evil twin can be a modest device hidden behind a display at a coffee shop, but it can have a large impact.

"A device like this can serve up a compelling copy of a valid login page, which could invite unwary device users to enter their username and password, which would then be collected for future exploitation," Brian Alcorn, a Cincinnati-based IT consultant, stated.

The website does not even need to log you in. "Once you've entered your information, the deed is done," Alcorn said, adding that a harried, exhausted traveler would most likely assume the airport Wi-Fi is down and not worry about it again.

People who are careless with passwords, such as using their pet's names or favorite sports teams as passwords for everything, are especially vulnerable to evil twin attacks. According to Alcorn, if consumers overuse login and password combinations online, once the credentials are stolen, they can be fed into AI, which can swiftly provide thieves with the key.

"You are susceptible to exploitation by someone with less than $500 in equipment and less skill than you might imagine," according to Alcorn. "The attacker just has to be motivated with basic IT skills."

How to prevent being a victim of this cybercrime

When in public settings, experts recommend using alternatives to public WiFi networks.

"My favorite way to avoid evil twin attacks is to use your phone's mobile hotspot if possible," said Brian Callahan, Director of Rensselaer Polytechnic Institute's Cybersecurity Collaboratory.

Users would be able to detect an assault if their phone relied on mobile data and shared it over a mobile hotspot.

"You will know the name of that network since you made it, and you can put a strong password that only you know on it to connect," Callahan told the audience.

If a hotspot is not an option, Callahan suggests using a VPN, which should encrypt communication to and from the VPN.

"So even if someone else can see the data, they can't do anything about it," he replied.

While these precautions are essential, it's also important for travelers to be proactive in protecting their devices and data. Regularly updating operating systems and applications can help patch known vulnerabilities that hackers might exploit. Additionally, enabling two-factor authentication on important accounts adds an extra layer of security, making it more difficult for cybercriminals to access sensitive information even if they manage to obtain login credentials. Travelers should also consider using password managers to generate and store unique, complex passwords for each of their accounts, reducing the risk of widespread compromise if one set of credentials is stolen.

Airport and airline internet security concerns

Many airports outsource WiFi management, and the airport has little, if any, participation in ensuring its security. At Dallas Fort Worth International Airport, for example, Boingo provides Wi-Fi.

"The airport's IT team does not have access to their systems, nor can we see usage and dashboards," according to an airport official. "The network is isolated from DAL's systems as it is a separate standalone system with no direct connection to any of the City of Dallas' networks or systems internally."

According to a representative for Boingo, which serves around 60 airports in North America, their network management system can detect unauthorized Wi-Fi access points. "The best way passengers can be protected is by using Passpoint, which uses encryption to automatically connect users to authenticated Wi-Fi for a safe online experience," she said, adding that Boingo has been offering Passpoint since 2012 to improve Wi-Fi security and eliminate the risk of connecting to malicious hotspots.

Alcorn claims that evil twin attacks "definitely" occur on a regular basis in the United States; it is just rare for someone to be caught because they are such covert attacks. Sometimes hackers employ these attacks as a learning tool. "Many evil twin attacks may be experimental by individuals with novice-to-intermediate skills just to see if they can do it and get away with it, even if they don't use the collected information right away," he told me.

The arrest, rather than the diabolical twinning attack, caught Australia off guard.

"This incident isn't unique, but it is unusual that the suspect was arrested," said Aaron Walton, threat analyst at Expel, a managed services security business. "In general, airlines are unprepared to deal with or mediate hacking allegations. The normal absence of arrests and punitive action should encourage tourists to be cautious with their personal data, knowing what an attractive and sometimes vulnerable target it is, particularly at airports."

According to the Australian Federal Police, scores of people's credentials were stolen.

According to an AFP press release, "When people attempted to connect their devices to the free WiFi networks, they were directed to a fake webpage requiring them to sign in using their email or social media logins. These details were then purportedly saved on the man's gadgets."

Once those credentials were obtained, they might be used to extract more information from the victims, such as bank account information.

Hackers do not need to deceive everyone in order to succeed. They will succeed if they can persuade even a small number of individuals, which is statistically easy when thousands of frazzled and hurried people are wandering around an airport.

"We expect Wi-Fi to be ubiquitous. When we go to a hotel, an airport, a coffee shop, or even simply out and about, we expect to find Wi-Fi, which is often free," Callahan said.

The implications of these attacks extend beyond individual travelers. Businesses whose employees frequently travel are also at risk. Sensitive corporate data transmitted over unsecured networks can be intercepted, potentially leading to significant financial losses or reputational damage. As a result, many companies are now implementing strict policies regarding the use of public Wi-Fi and providing employees with secure alternatives, such as company-issued mobile hotspots or VPN services. This shift in corporate policy highlights the growing recognition of the serious threat posed by evil twin attacks and other forms of cybercrime targeting public Wi-Fi networks.

Bring your own Wi-Fi the next time you visit the airport to ensure your safety.

Ad Banner
Advertisement by Open Privilege
Startup United States
Image Credits: Unsplash
StartupOctober 8, 2024 at 4:30:00 PM

Can lean startup be used for deep tech?

Deep tech has emerged as a powerhouse of groundbreaking advancements. Over the past decade, this niche sector has delivered some of the most...

Technology Singapore
Image Credits: Unsplash
TechnologyOctober 7, 2024 at 12:00:00 PM

What should I do if my private videos get posted online?

In an increasingly digital world, the unauthorized distribution of intimate videos and images has become a pressing concern for many Singaporeans. This form...

Technology
Image Credits: Unsplash
TechnologyOctober 7, 2024 at 11:30:00 AM

How Apple's new iPhone feature is revolutionizing emergency communication

In the wake of Hurricane Helene's devastating impact on the southeastern United States, a new iPhone feature has emerged as a potential lifesaver....

Technology
Image Credits: Unsplash
TechnologyOctober 6, 2024 at 1:30:00 PM

Banning smartphones in schools enhances children's social well-being and academic success

Schools worldwide are grappling with the challenge of managing smartphone use in classrooms. A recent study has shed light on a potential solution,...

Technology
Image Credits: Unsplash
TechnologyOctober 6, 2024 at 11:30:00 AM

How Hong Kong's caregivers are building supportive communities through social media

In the bustling metropolis of Hong Kong, a quiet revolution is taking place in the realm of eldercare. As the city grapples with...

Technology
Image Credits: Unsplash
TechnologyOctober 5, 2024 at 11:30:00 AM

Essential tips to protect yourself from digital fraud

In today's interconnected world, online marketplaces have revolutionized the way we buy and sell goods. Platforms like Facebook Marketplace, Nextdoor, and Poshmark have...

Retail United States
Image Credits: Unsplash
RetailOctober 4, 2024 at 4:00:00 PM

Strategies for online retailers to prevent costly stockouts

In the fast-paced world of online retail, few issues are as detrimental to success as stockouts. These inventory shortages not only result in...

Technology
Image Credits: Unsplash
TechnologyOctober 3, 2024 at 10:30:00 PM

What AI could do to change the fight against AIDS

In recent years, the integration of Artificial Intelligence (AI) into healthcare has opened up new frontiers in medical research and treatment. One area...

Technology
Image Credits: Unsplash
TechnologyOctober 3, 2024 at 4:30:00 PM

Could AI win the Nobel Prize someday?

A new contender has emerged, challenging the traditional notion of human-led discovery. Artificial Intelligence (AI), already a disruptive force in industries ranging from...

Technology
Image Credits: Unsplash
TechnologyOctober 3, 2024 at 12:00:00 PM

Apple's iOS 18 update reshapes social app growth landscape

In the fast-paced world of technology, even minor changes can have far-reaching consequences. Apple's latest iOS 18 update has introduced a subtle yet...

Marketing
Image Credits: Unsplash
MarketingOctober 1, 2024 at 8:00:00 PM

Maximizing marketing potential through Generative AI Centers of Excellence

Generative Artificial Intelligence (GenAI) has emerged as a game-changing force, reshaping how businesses connect with their audiences and drive growth. As organizations scramble...

Technology
Image Credits: Unsplash
TechnologyOctober 1, 2024 at 6:30:00 PM

What I discovered when I tracked my friends' screen time

Our smartphones have become an extension of ourselves. We wake up to their alarms, rely on them for work and communication, and often...

Ad Banner
Advertisement by Open Privilege
Load More
Ad Banner
Advertisement by Open Privilege