Everyone wants to be constantly connected to the internet these days, whether that be personally for social media and messaging or for receiving work emails. As great as open-access free WiFi is, unfortunately as with many things, it is not always safe.
What is a fake WiFi hotspot?
A fake WiFi hotspot, or “Evil Twin” hotspot, is a WiFi access point set up by a hacker or cybercriminal which mimics a legitimate hotspot including the service set identifier (SSID) provided by a business which is nearby, such as a coffee shop or hotel that provides free WiFi access to its customers.
Why do hackers create fake WiFi hotspots?
Hackers and cybercriminals create these “Evil Twin” hotspots for a number of reasons. They can trick users into connecting to their connection, then steal their account names and passwords and can redirect them to illegitimate sites such as phishing sites or malware. The hackers will also be able to see the contents of any files that the victim downloads or uploads when their device is connected to the fake WiFi hotspot.
“Evil Twin” connections also mean that the criminal can eavesdrop on network traffic and can get involved in the data conversation that occurs between victims and any servers that they access whilst connected.
How can you tell if you are connected to a fake WiFi hotspot?
Unfortunately, you are unlikely to be able to tell whether you are connecting to a legitimate or fraudulent WiFi hotspot. Hackers use every trick they can in order to appear as legitimate as possible, using the same name as the real access point and even sometimes cloning its MAC address to be seen as a Base Station Clone. They can even boost the signal strength of their fake connection in order to overpower the real network signal.
Hackers emulate a hotspot using software that uses the Wi-Fi network adapter in their laptop as the hotspot. This means they don’t need to have a large, noticeable piece of hardware with them which may be obvious to those nearby. They can easily conceal the hacking they are doing and could more than likely be sat in the same coffee shop or hotel lobby as their unknowing victim.
How can you spot a fake WiFi hotspot?
A simple way in which to be sure you are selecting the legitimate connection is to check with the staff at the establishment. Things to look out for are connections which require no password or verification to connect or any hotspots which include personal or misspelt names. You can also check the URL on any sites you access as they will show you whether your web browsing is safe and secure by checking that it has HTTPS (S meaning secure) before the site name rather than HTTP.
What can you do to be protected from a fake WiFi hotspot?
As an individual, there are not many ways in which you can defend against this type of cyberattack other than to be vigilant and where possible, use your data allowance.
For organisations, businesses, or really anywhere that offers a free WiFi connection, our innovative Spriteguard™ device can shield guests from fraudulent open access WiFi hotspots, allowing them to connect to secure network infrastructures only.
With Spriteguard™, you can be 100% confident that your guests are connected to your WiFi, you avoid being financially liable and your reputation remains intact.
WiFi Securities’ mission is to protect businesses and the public from cyber-criminal activity. Contact us today for more information on how Spriteguard™ can protect you and your customers.
enquiries@wifi-securities.com
+44 (0)151 230 2161
Twitter: @wifisecurities
Facebook: @wifisecurities
LinkedIn: WiFi Securities
