A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Evil Twin Hotspot

A fraudulent WiFi access point that has been set up by hackers to look legitimate

An evil twin hotspot is a fraudulent WiFi access point (AP) that hackers have set up to look legitimate in order to intercept traffic on wireless networks. (An access point is a gateway that provides a wireless connection to the Internet, such as those that you find at restaurants, the airport or the mall.) When you visit a website through an evil twin hotspot, everything that you do and type is visible to the hacker.

Evil twin hotspots cause even more trouble if the unsuspecting victim accesses websites that transfer data in plain text rather than using secure channels and strong encryption methods. Therefore, the best approach is to be very careful and avoid sending sensitive information when your WiFi-enabled device is connected to an unfamiliar hotspot.

For users of WiFi-enabled devices, such as smartphones, tablet PCs and mp3 players, the threat is serious. Hackers might track your usage patterns to predict when you will most likely be looking for free WiFi access. Some may try to mimic legitimate hotspot providers, and those who are more sophisticated may be able to block the signal of a legitimate AP. They are able to use the same AP name and make all traffic pass through their system.
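Because an evil twin reuses the name of a legitimate AP, one defensive check is to compare every AP advertising a given name against the others and against a list of the venue's real hardware addresses. The sketch below is an added example, not part of the original resource; the scan format, the `KNOWN_APS` baseline and all addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample scan (not real capture data): ssid,bssid,security
SAMPLE_SCAN = """\
CoffeeShop-WiFi,aa:bb:cc:00:00:01,WPA2
CoffeeShop-WiFi,aa:bb:cc:00:00:02,WPA2
CoffeeShop-WiFi,de:ad:be:ef:00:99,Open
Airport-Free,11:22:33:00:00:10,Open
"""

# Hypothetical baseline: BSSIDs the venue operator has published for each SSID.
KNOWN_APS = {"CoffeeShop-WiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
STRENGTH = {"Open": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def parse_scan(text):
    """Parse scan lines into dicts, normalising BSSID case and whitespace."""
    fields = ["ssid", "bssid", "security"]
    rows = list(csv.DictReader(io.StringIO(text), fieldnames=fields))
    for row in rows:
        row["bssid"] = row["bssid"].strip().lower()
        row["security"] = row["security"].strip()
    return rows


def find_suspect_aps(rows, known_aps):
    """Return {bssid: [reasons]} for APs that look like a twin of another AP."""
    by_ssid = defaultdict(list)
    for row in rows:
        by_ssid[row["ssid"]].append(row)
    suspects = defaultdict(list)
    for ssid, aps in by_ssid.items():
        strongest = max(STRENGTH.get(ap["security"], 0) for ap in aps)
        for ap in aps:
            # A known network name coming from hardware nobody registered.
            if ssid in known_aps and ap["bssid"] not in known_aps[ssid]:
                suspects[ap["bssid"]].append("unlisted BSSID for known SSID")
            # Same name but weaker protection than its siblings.
            if STRENGTH.get(ap["security"], 0) < strongest:
                suspects[ap["bssid"]].append("weaker security than same-name AP")
    return dict(suspects)


if __name__ == "__main__":
    found = find_suspect_aps(parse_scan(SAMPLE_SCAN), KNOWN_APS)
    for bssid, reasons in found.items():
        print(bssid, "->", "; ".join(reasons))
```

Several APs sharing one name is normal for a large venue, so the check flags only addresses missing from the baseline or security settings that differ between same-name APs. A network with no baseline and a single AP, like the constructed "Airport-Free" entry, cannot be judged this way.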

Many evil twin hotspots can also host phishing scams. This tactic is referred to as wireless phishing (WiFi-phishing). The hacker will set up a fake website that mimics a popular website, and when a user accesses the website over the evil twin hotspot, any information the user enters into the website is recorded by the hacker for future access. The information could be used to gain access to your device in order to steal credit card information or send viruses, Trojan horses, spyware and other malware. With such information, the hacker may be able to access your device even after you disconnect from the evil twin hotspot.

Protective Measures

Practices

  • Turn off the wireless access on your device when you are not using it.
  • Keep a firewall on at all times, especially when using a public AP. The firewall will monitor traffic coming in and out of your computer.
  • Whenever possible, always use the secure version of a website. Look for "https" in the URL ("s" for "secure"). When using a public AP, be suspicious of websites that ask for personal information.
  • Keep the anti-virus software for your device up to date. It is good to use a suite of products that includes protection from many different threats.
  • Minimize your use of public APs, especially to access sensitive information.

Legal Issues

Legal

An act from 2005 called "Securely Protect Yourself Against Cyber Trespass," or the Spy Act, would make it illegal for a person who is not the owner or authorized user of a protected computer to engage in deceptive acts to take control of it, to modify settings related to the computer or its internet access, to collect personal information through keystroke logging, or to induce the user to provide personally identifiable, password, or account information. This bill has not yet been passed into law and was last before Congress in 2007.
