Evil twin attack: The dangers of free Wi-Fi

A computer without a connection to a network is safe from hackers unless they break into the room. It’s the interconnectedness of the internet world that makes our devices susceptible to attacks. Sometimes, those dangers come from unexpected angles, like the Wi-Fi-reliant evil twin attack. But what is it, and what does it do?

In short: What is an evil twin attack?

An evil twin attack is when a hacker sets up a Wi-Fi hotspot that mimics a real one. By connecting to it, you let the hacker copy all the data you transmit and receive.  

Evil twin attack: What is it exactly?

An evil twin attack, in cybersecurity terms, is a man-in-the-middle attack that uses a fake Wi-Fi hotspot. That fake access point is set up to mimic a real existing Wi-Fi network. 

How do they do it? 

Well, they look at a real hotspot and copy the SSID – Service Set Identifier – which is essentially its name. Then they configure their own Wi-Fi hotspot (using cybersecurity testing tools like the Wi-Fi Pineapple) to transmit the same SSID.

Here’s how evil twin gets you

If the hacker did their job well, your device will have no way of telling which network is real – evil twins don’t even have evil goatees. These days, attackers don’t just mimic the SSID, but also the encryption that the network uses. So with no obvious signs of malfeasance, you connect to the evil twin network thinking that it’s the legitimate access point, and you’re off to the races (to have your data stolen).

What’s more, hackers can even make you disconnect from an already established connection to a trusted network with a deauthentication attack, which makes the Wi-Fi-connected devices try to re-authenticate themselves on the network.

Evil twin attack is just the beginning 

But this is just half the action. An evil twin is a key part of man-in-the-middle attacks, becoming that proverbial man. Once you’re connected via the hacker’s hotspot, they can use it to just clone your data, sure, but they can do a few more devious things as well.

Having control of your data stream allows them to inject fake website login pages to capture your login data, which is a type of phishing attack. That way, they can easily grab your usernames and passwords for anything you use (as long as they bothered to set up fake website login pages) while you’re using the hotspot. 

How does an evil twin attack work? 

So you, an unsuspecting device-haver and internet user, might be visiting your favorite Seattle Coffee Chain Franchise. As you take your Ultimax Turbogrand cup of latte and sit down to watch some KanColle, you connect to the local hotspot to preserve mobile data and increase the connection speed. 

But hark, there are two Wi-Fi networks called “Seattle Coffee Chain Franchise!” Which one do you choose? If the network isn’t password-protected (to save time for baristas who are already busy trying to figure out how to write “George but with a Y” on a cup), you can’t even look for the padlock on the Wi-Fi symbol. So you log into the network and watch your daily anime.

Then you think about logging into Facebook to post your comment about the episode you just watched on the Big Broadside Kriegsmarine Girlfriends fan page. You are led to an authentic-looking Facebook login page. You enter your data, which the fake page records and forwards to the real Facebook site. You are logged in without any knowledge that you just gave away your data.

You have just fallen for a man-in-the-middle attack-enabled technologically-assisted social engineering attack!

How to spot an evil twin attack 

It is hard to spot an evil twin attack while it is in progress. A hacker who did due diligence with their work will have copied the SSID, encryption and maybe even the MAC address of the public Wi-Fi network. The tools they need to do it aren’t that conspicuous either – they only need a laptop and something as easy to hide as the previously mentioned Wi-Fi Pineapple.

How to protect yourself from an evil twin attack 

Luckily, there are cybersecurity tips and tricks you can use to protect yourself from connecting to a fake wireless access point or handing over your data if you do:

  1. Disable auto-connect: Despite having smart in the name, your smartphone is anything but, so it will connect to the evil twin public Wi-Fi networks, especially if their signal is stronger. 
  2. Don’t connect to unprotected Wi-Fi: If the Wi-Fi network doesn’t demand a password, it’s unsafe, and much easier to mimic in an evil twin attack.
  3. Don’t ignore security notifications: Phones and laptops and whatnot come with security features installed, some of which may notify you of things like network encryption being different than the last time you connected to this Wi-Fi network. Those warnings are important and if you don’t understand what they mean, try googling. 
  4. Don’t access sensitive accounts and services: It’s just a good practice not to do your banking or business email checking on public Wi-Fi. 
  5. Do use a VPN: A virtual private network encrypts your data before it leaves your device. That way, anyone monitoring your data via their man-in-the-middle attack won’t see anything but useless VPN-encrypted data. Naturally, this prevents them from directing you to capture pages and such.
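
The checks behind "How to spot an evil twin attack" and the security notifications in tip 3 can be sketched in code. This is an added example, not part of the original article: it compares a Wi-Fi scan against a baseline saved on an earlier trusted visit and flags an unknown access point, a changed encryption setting, and one MAC address (BSSID) seen on two channels, which is a heuristic for a cloned MAC. The baseline, the scan rows and the function names are constructed for illustration; the row format assumes terse `nmcli` output.

```python
import re
from collections import defaultdict

# Baseline saved on an earlier, trusted visit (constructed values).
KNOWN = {"Seattle Coffee Chain Franchise":
         {"bssids": {"AA:BB:CC:00:00:01"}, "security": "WPA2"}}

# Constructed sample in the terse row format of
# `nmcli -t -f SSID,BSSID,CHAN,SIGNAL,SECURITY device wifi list`.
SCAN = r"""
Seattle Coffee Chain Franchise:AA\:BB\:CC\:00\:00\:01:6:62:WPA2
Seattle Coffee Chain Franchise:AA\:BB\:CC\:00\:00\:01:11:88:WPA2
Seattle Coffee Chain Franchise:DE\:AD\:BE\:EF\:00\:02:1:90:
Library Guest:11\:22\:33\:44\:55\:66:36:40:WPA2
"""

def parse_scan(text):
    """Split each row on unescaped ':' and unescape the fields."""
    rows = []
    for line in text.strip().splitlines():
        f = [re.sub(r"\\(.)", r"\1", x) for x in re.split(r"(?<!\\):", line)]
        if len(f) != 5:
            continue  # skip malformed rows
        security = f[4] if f[4] not in ("", "--") else "OPEN"
        rows.append({"ssid": f[0], "bssid": f[1].upper(),
                     "chan": int(f[2]), "security": security})
    return rows

def find_suspects(rows, known):
    """Return sorted (bssid, channel, reason) findings for baselined SSIDs."""
    channels = defaultdict(set)
    for r in rows:
        channels[r["bssid"]].add(r["chan"])
    findings = set()
    for r in rows:
        base = known.get(r["ssid"])
        if base is None:
            continue  # no baseline, nothing to compare against
        if r["bssid"] not in base["bssids"]:
            findings.add((r["bssid"], r["chan"], "unknown BSSID"))
        if r["security"] != base["security"]:
            findings.add((r["bssid"], r["chan"], "security changed"))
        if len(channels[r["bssid"]]) > 1:  # catches a cloned MAC address
            findings.add((r["bssid"], r["chan"], "BSSID on multiple channels"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_suspects(parse_scan(SCAN), KNOWN):
        print(finding)
```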

Stay safe from evil twins 

Forewarned is forearmed, and now you know what evil twin attacks are and how to use basic defenses against them. Of all the methods mentioned here, only one requires an investment in a security tool. So if you listen to our advice and get a VPN, why not get Surfshark?
