Hey: Please remember that trying this on actual public Wifi networks is illegal. Please don’t do that :)

I think we all know by now, just how dangerous connecting to public Wifi can be. This particular article even compares public wifi to a public toilet seat.

But how exactly does a hacker get to you when you jump on the same network as him? In this series, we explore the different attacks that hackers can leverage to compromise your accounts on public wifi networks. (By the way, if you haven’t already, check out the first part of the series below!)

Today, we are going to explore something a little different. Would it be possible for an attacker to compromise you the second you connect to a public Wifi network? Even before you visit any suspicious looking websites?

Enters the Evil Twin…

Imagine this: you check into your hotel room and turn on Wifi on your laptop. And on the list of networks available, you see both “Hilton Guest” and “Hilton HHonors”…

So you think: “Huh, I’m a guest. Better log into the “Hilton Guest” Wifi network!”

When in fact, the “Hilton HHonors” network is the legitimate Wifi network set up by the hotel. The Wifi network called “Hilton Guest” is actually a fraudulent network set up by an attacker! This is called an “Evil Twin” attack.

Evil twin access points are fake Wifi access points that are purposely named to look like legitimate ones. Once you connect to them, they sit between you and the internet, intercepting and collecting all data that passes through you and the outside world. They are most often used to eavesdrop on internet traffic in order to steal passwords and other credentials.

But with a little bit of trickery, a hacker can achieve something much more sinister…

Sprinkle in some Psychological Trickery…

After you’ve connected to the “Hilton Guest” Wifi network, you see the Hilton Hotel’s standard Wifi login page. If the login page is legitimate, then the network must be?

The login page you see is actually a fake put there by the hacker in order to convince you. The hacker has cloned the Hilton login page and he serves it whenever someone connects to the evil twin access point. This is actually not hard to do at all, as online tools like the Social Engineering Toolkit allows attackers to automatically clone a functional website in just a few seconds.

The “Hilton Guest” network login page looks legitimate and even requires you to enter your room number to log in! You become fully confident that you have selected the correct Wifi network…

Now that the fake Wifi login page has gained your trust, the hacker can go a step further. You see a Popup window like this, prompting you to download a security update before you can continue…

Since you’re already sure that this is the legitimate network, you don’t think twice before clicking on the “Download” button. But what you have actually downloaded is a remote access tool that allows hackers to gain access to your webcam, microphones, and anything you type on the keyboard.

Game over……

What you can do to Protect Yourself

Thankfully, with a little vigilance, you can prevent this from happening to you. Here are a few steps that you can take every time you log on to a new public network to ensure that you don’t connect to an evil twin:

1. Ask the employee of the public space which Wifi network you should connect to!
2. Ask what the required authentication for the network is.
3. Ask whether any downloads or updates are needed to log into the network. Most of the time, it should be none.

And here are a few precautions to make just in case you do connect to an evil twin access point:

1. Don’t do anything sensitive or confidential over a public Wifi connection.
2. Don’t download anything from sites that you don’t trust.
3. Cover up your webcams and your microphones as much as possible.
4. Periodically scan your computer for known malware with scanners like Malwarebytes.

As always, thanks for reading!