Tue Mar 20, 2007 3:17AM EDT
Hop into Starbucks or an airport terminal and you may find yourself tempted by the inexpensive Wi-Fi service offered. Fire up your computer, browse the wireless networks available, and maybe you'll jump on a network named "tmobile" or "wayport" or some other common name among Wi-Fi service providers. Sure enough, your browser pulls up a page asking for your credit card information... or maybe you'll find yourself with "free" access to the internet. Surprise: You might have just been punk'd by a hacker.
Such is the case of the "evil twin" hotspot, a rising danger for users who rely on public hotspots for internet access. The trick is simple: A hacker just creates a hotspot with the same name (or a very similar one) as a legitimate hotspot nearby, hoping to dupe web surfers into connecting to the hacker hotspot instead of the legitimate one. The goal is the usual fare: Collect user names, passwords, credit card numbers. All the good stuff.
The Los Angeles Times notes that such lookalike networks are on the rise, and though this scam has been around for many years, it seems to be rising in popularity. My hunch? Wireless routers have better range than ever before, and it's practically child's play to set up a harvesting web site to dupe people into giving up their personal information. And since your laptop will automatically connect to any network you've connected to in the past (Windows thinks any network named "linksys" is the same network no matter where you go), people can be duped by evil twin hotspots without ever knowing it.
So what can you do about it? Sadly, not a lot, and all that security software on your laptop won't help you one bit if you willingly connect to one of these hotspots. As with most scams, diligence is your best ally: Learn what legitimate hotspot web pages look like. Hackers rarely make a perfect copy. If you encounter anything out of the ordinary, disconnect from the hotspot immediately. Tell the manager of the establishment you're trying to connect to that something funny is going on. They may not do anything about it, but hopefully they'll call the cops and encourage them to track down the signal.
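A defensive check built on the two points above (a twin reuses or imitates a known hotspot name, and a saved profile matches by name alone), as an added example that is not part of the original article. It runs over constructed scan results; the field names, warning tags and the 0.85 similarity threshold are assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

def _norm(ssid):
    # Compare names the way a hurried user reads them: ignore case and punctuation.
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def flag_suspect_networks(scan, saved):
    """scan: list of dicts with ssid, bssid, security (hypothetical field names).
    saved: {ssid: security} for networks the laptop joined before."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    warnings = defaultdict(set)
    for ssid, aps in by_ssid.items():
        modes = {ap["security"] for ap in aps}
        # One name advertised both open and encrypted: a real multi-AP
        # deployment normally uses the same security on every radio.
        if len(modes) > 1:
            warnings[ssid].add("mixed-security")
        if ssid in saved:
            if saved[ssid] == "open":
                # Profile matches by name only, so any radio with this SSID is joined.
                warnings[ssid].add("auto-join-open")
            elif "open" in modes:
                # An open radio is reusing the name of a network saved as encrypted.
                warnings[ssid].add("security-downgrade")
            continue
        for known in saved:
            # ratio is 1.0 when the names differ only in case or punctuation
            if SequenceMatcher(None, _norm(ssid), _norm(known)).ratio() >= 0.85:
                warnings[ssid].add(f"lookalike:{known}")
    return {s: sorted(w) for s, w in warnings.items()}

# Constructed scan results and saved profiles, for illustration only.
SCAN = [
    {"ssid": "tmobile", "bssid": "02:00:00:00:00:01", "security": "open"},
    {"ssid": "tmobile", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "T-Mobile", "bssid": "02:00:00:00:00:03", "security": "open"},
    {"ssid": "CafeStaff", "bssid": "02:00:00:00:00:04", "security": "wpa2"},
    {"ssid": "CafeStaff", "bssid": "02:00:00:00:00:05", "security": "open"},
    {"ssid": "library", "bssid": "02:00:00:00:00:06", "security": "wpa2"},
]
SAVED = {"tmobile": "open", "CafeStaff": "wpa2"}

print(flag_suspect_networks(SCAN, SAVED))
```

Two radios sharing one name is not flagged by itself, since legitimate venues run several access points; the tags only mark cases where the name is the sole thing tying a network to one the user trusts.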
Join in the discussion. Here you'll see the comments in the order they were posted.
Locally, one of our HotSpots has a SiteWord on their login page. The main banner says to check the word displayed on the blue sign above the cash register. If they don't match, do not log in and provide personal info. Whoever is working the register that day will usually change the sign and the Banner every four or five hours. I know they have more than 10 different words they use. I suppose it would still be possible for someone to come in and check the sign and then set up their fake site accordingly, but that seems like more work than most of the bad-boyz are willing to put in.
In my next incarnation, I am going to be a criminal. It is a lot easier than fending them off (or working for a living).
Does anybody know, if you have your browser set to automatically log into your ISP or favorite site, i.e. Netflix, etc., can the hacker collect that information? I always use the "remember me" options thinking I was safe. But now I wonder.
I agree with you about the common sense aspect of this problem, but phishers, hackers, and phreakers are smarter than they used to be. They get a thrill out of creating webpages so real that they can dupe the most common-sense among us. All it takes is a bit of capital to purchase servers, or to pirate them, and a 10 minute learning curve in JSP and HTML. You can make a webpage that uses SSL, looks like "the real deal," & has a domain name nearly identical to the site it seeks to imitate, even though the IP address looks nothing like it. I should know. I've created these webpages before - I did several imitation websites as a project in computer science class in grad school (on a private server used for the class) with the goal of duping the students into giving up "personal information," (although the information wasn't real and wasn't used in any malicious manner). About 80% of the students were easily duped by a handful of websites it only took me about 3 hours to perfect. The thing is, most people in the developed world do not care how their technology works - as long as it works. And they are paying for that stupidity with their pocketbooks. This one project I did in grad school could easily have launched into a master's thesis in techno-sociology: people, in general, don't care about what makes science or technology tick - they only care how it can serve them. There are plenty of people out there who are not doing these kinds of things for a class project. So I implore all of you: spend a Saturday or Sunday afternoon on www.howstuffworks.com or a similar site and learn about IT, the web, phishing, & hacking. If you don't get smart about this stuff, you're going to get taken advantage of. And if you do feel you've been duped, contact your local law enforcement and get pointed in the right direction.
When the cops show up at the Starbucks the conversation will be something like this. "Someone is faking your site, Hmmm, Joe get the electronic signal do-hicky tracker from the car. Oh wait, I forgot we don't have one. Sorry sir nothing we can do. How about a Grande something and one of those scones."
While traveling, I recently attached to a site in Seattle which appeared to be a legitimate site. While signing in, the police came in and took a man away. The site I was signing into shut down at the same time the man's briefcase was "unplugged". Huraaay Seattle PD.
Could it be as simple as two similar servers showing up in a hotspot? For instance the T-Mobile hotspot at Starbucks and the fraudulent server posing as the T-Mobile hotspot with similar names. I am one of those people who would most likely be taken advantage of, but would this be a clue that there is something wrong?
WiFi is convenient but has its potential pitfalls. Users can install Wi-Fi protection tools to thwart phishing attacks from Evil-Twins. AirDefense Personal product (www.airdefense.net/products/adpersonal) is one such product (free for personal use) which can be installed on your Windows laptop to detect any such attempts and prevent phishing attempts by automatically shutting down your wireless network.
Our local PD actually had a similar case. A small coffee shop was advertising free wi-fi. The PD happened to get an increase of instances of credit card fraud. Seems that a guy in the neighborhood, close to the shop, set up something to get access to these people's information. Not sure if it was a look-alike site or he was using something else to gather the info. Our State and Local PDs are actually quite tech savvy...
This article is true; however, it is not almost impossible to spot one of these fraudulent networks, as the author suggests. Generally, the WiFi hotspot will be secured if it requires payment, and if it is not secured, Windows will notify you that sending information over the connection is dangerous. Secondly, keep an eye on the signal strength...more than likely the imposter will have a WAP set up nearby, but not close enough to achieve full signal (Maximum range for most wireless routers is 300 feet, +/- a little). The larger threat is not an imposter stealing the data you send, but phishing your information from a website, which is much easier and much more common. Somebody who knows what they are doing would not use this method, but then again, they would be using a different means to steal data - one that is much harder to trace.
In response to #1 above: Starbucks T-Mobile is legitimate. The hackers are making it not legitimate, and therefore you should make sure you are on the T-Mobile network before doing any business.
Easiest solution to this problem: Do not view sensitive personal information on ANY public network. You can be connected to a LEGITIMATE wi-fi hotspot and still get easily hacked by anyone else on that network. Don't log into any site that requires you to enter a username and password or that has any sensitive personal info unless you're on a private network. Sniffing traffic on a LAN really is trivial; risking your bank account isn't worth it. --B
There are guys out there who have nothing better to do than to hack into systems. I know a guy who attended a hackers' convention and you would be amazed at what they can do without even needing to use wifi. Common sense doesn't play at all into that.
Last summer I think I encountered one of these at a local Starbucks. I was trying to get on the internet through their hotspot and it started asking me for my credit card info. My immediate reaction was to disconnect my wireless. I did not do any of the research that I needed to do on the net, I just did other things I needed to do and then did the rest of my online stuff at home where I have a secure connection.
I've been a victim of identity theft. Go with your wireless carrier or get one. If it's too good to be true then it is. RFN
How about using a personal firewall with no inbound connections allowed? Hackers can't do much that way regardless of which network you're connecting to. When prompted for user name/password, check SSL certificates for the site. They can make a site look like the real one but I don't think they can obtain the certificates. All the "important" sites have https; take advantage of it. Never enter any sensitive information on an unsecure site... just say no! Overall, if you take all these steps, your chances of losing your shirt will be much lower. Then, of course, there is no absolute security in this world and everybody knows it.
This is good reason to go online through your cell phone server on your own cell phone. - Danny
Just another reason I DO NOT use wi-fi.
Restrict your use of WiFi hotspots to limited things. Don't do anything that requires signing on and no one can steal your ID and password. Use a wireless phone to do anything requiring security. It won't be free access if someone rips off your ID and password to anything, even Yahoo! or MSN. If you use a regular one, make sure you can identify it without mistake and better yet, that it identifies you and gives you some information you gave it to begin with. Some companies now show you a logo *before* you sign on that you have previously selected. That way, you know it is them before you enter your password.
6 Posted by laohuli@sbcglobal.net on Thu Sep 3, 2009 4:56PM EDT
I agree with Comment 1. In these "Gotta have now" times, it can turn into "Gonna Get Ya Now" if common sense isn't used.