Key Takeaways

• Public Wi-Fi networks are often targeted by hackers using rogue access points and evil twin Wi-Fi networks to trick users into giving away personal information. Be cautious when connecting to free Wi-Fi.
• Rogue access points are insecure devices that mimic genuine networks, redirecting your connection to the hacker's access point instead. They are difficult to spot and can compromise your security.
• Evil twin Wi-Fi networks are duplicate wireless networks set up by hackers that appear identical to the original network. They may overpower the real network and can lead to stolen information. Stay vigilant and avoid inputting sensitive data on public Wi-Fi.

Whether you are in an airport, coffee shop, or library, you might be tempted to connect to the free Wi-Fi. Unfortunately, the friendly-looking free Wi-Fi might hide an evil twin Wi-Fi attack.

But what is an evil twin, and how can it compromise your IT security?

Why Do Hackers Use Fake Wi-Fi Networks?

Public Wi-Fi is often a target for man-in-the-middle (MITM) attacks. Besides taking advantage of insecure Wi-Fi networks to steal your identity, hackers can use two additional Wi-Fi vulnerabilities: "rogue access points" and "evil twins." These are seemingly genuine wireless networks created to trick potential victims into giving away their personal information.

They can look and act as you would expect from a real network. This includes using the same or similar name (think Starbucks Wi-Fi versus Starbucks Free Wi-Fi) and the same login screen.

While connected to an insecure and unencrypted network, you are, at minimum, giving the hacker free access to anything you do while online. This includes grabbing any usernames, passwords, and other personal information you enter.

At most, you'll download a virus or malware and give them full access to your device even after you disconnect from the insecure "network."

If you connect to a network where a credit card is required for access, like a hotel or an airplane "pay per hour" network, the hacker will have copied your credit card info even before you start browsing. In short, any data you upload or download while on the hacker's Wi-Fi is visible to them.

While there are other ways hackers can use public Wi-Fi to steal your identity, we will focus on what Evil Twins and Rogue Access Points are, what to look for, and what you should do if you connect to one.

What Is a Rogue Access Point (AP)?

A rogue AP, sometimes used interchangeably with an evil twin, is an insecure device connected to a network unbeknownst to the owner. This device will broadcast its own Wi-Fi that will appear to connect you to the genuine network. However, your connection will go via the hacker's access point instead of the intended secure device.

A hacker will usually combine this with a Denial of Service attack on the original access point to disable it, making the rogue AP the only available signal.

Rogue Access Points are a massive security issue that threatens the security of all connected users. Any network security features and firewalls enabled on the network will not affect a rogue AP's access to your transmitted data.

A rogue AP is difficult to spot as a user. However, if you're worried about having extra devices on your network, you can identify rogue devices connected to your network.

What Is an Evil Twin Wi-Fi Network?

An evil twin is a rogue access point with wireless capabilities that can be set up with any phone or laptop. It differs in that it's not strictly connected to the business' Wi-Fi unknowingly. The hacker will set up a duplicate wireless network that looks and acts the same way as the original network, down to using the same name and seemingly the same security features.

This Wi-Fi signal will usually overpower the real network simply by being physically closer to the user. Again, a Denial of Service attack to knock out the original access point is common in this scenario.

Either way, potential victims will connect to the hacker's signal rather than the genuine network.

How to Spot an Evil Twin Wi-Fi Network

Unfortunately, in real life, evil twins don't wear goatees to make them easy to identify. Don't assume that because the name of the Wi-Fi is "Starbucks Free Wi-Fi," it is secure or even that it belongs to Starbucks.

Oddly enough, the easiest evil twins to spot can be those that are password-protected. The access point is likely fake if you purposely enter the wrong password and don't get an error message. An evil twin access point will commonly let anyone access it regardless of the password you enter; they're not fussy about whose data they steal.

Another telltale sign of an evil twin attack is very slow network connections. It could be a sign that the hacker is using mobile internet to connect you to the web.

Also, pay attention to the address bar of the websites you visit. If your banking website shows an unencrypted HTTP version instead of HTTPS, your connection is unsafe. This is called SSL Stripping, and a hacker can get your passwords or banking details as you enter them.

It's easy for a hacker to redirect you to a fake version of any website if you connect through their device; this way, they can get your login details as soon as you enter them. Using a VPN will not protect you in these cases, as you are entering your information into the hacker's website.

However, ensure the URL is correct, and look for grammatical errors or language that you would not expect from the website.

Fake domains (often using misnamed addresses) are something you should watch out for when browsing in any situation, as they are one of many common social engineering threats you can face online.

How to Avoid Being a Victim of Public Wi-Fi Hacks

• Always use a VPN. There are VPN solutions for pretty much all devices, including your smartphones, tablets, laptops, desktops, and routers. Even a free VPN can protect your privacy.
• Don't input sensitive data. When accessing public Wi-Fi, especially if you don't have a VPN installed, keep to regular browsing. Avoid accessing any websites where you will input sensitive data, like Amazon or your online banking.
• Look out for SSL certificate errors. Many browsers will let you know if you are accessing an insecure and unencrypted page. Make sure that you access encrypted versions of any website. Always check if your address bar's "Secure" notice is present (these don't appear green anymore). If you do see a security certificate error, don't ignore it. Instead, close the website and look for other hints that you are on a suspicious network.

Disabling your device's "auto-connect to Wi-Fi" feature is also useful, as it prevents you from accidentally connecting to a fake or dangerous network.

What to Do If You Connect to an Evil Twin or Rogue AP

Even if you are vigilant, your phone might automatically connect you to an insecure network without realizing it. If you suspect you have connected to a compromised network, follow these steps to reduce the potential consequences.

• Disconnect as quickly as possible.
• Clear your list of saved Wi-Fi connections to avoid connecting to the same one in the future.
• Clear your browser cache
• Run antivirus and malware checks
• Change the password to any site you logged in to and any other websites that use the same login information
• Call your bank and cancel any bank cards used while connected

Don't panic, mind. You can fix any issues that arise from connecting to an evil twin access point; you just need to be quick.

Avoid Evil Twins Wi-Fi Networks

Even if you can't detect any signs of an Evil Wi-Fi network, there are things you shouldn't do when connected to public Wi-Fi. For example, you shouldn't create a new account, access your bank website, or share files. It's better to postpone these activities until you can connect to a private and safe network—or, at the very least, use a secure VPN if you have to complete any of these tasks.