Wi-Fi Eavesdropping (Evil Twin)

Also known as an “evil twin” attack, hackers perform Wi-Fi eavesdropping is a type of man-in-the-middle attack that tricks unsuspecting victims into connecting to a malicious Wi-Fi network. To perform Wi-Fi eavesdropping, a hacker sets up a Wi-Fi hotspot near a location where people usually connect to a public Wi-Fi network. This can be a hotel, a restaurant or your local Starbucks. The hacker then names the hotspot after the actual public network that people use in that location (thus the name “evil twin”).

Since people usually set their devices to remember and automatically reconnect to known Wi-Fi networks, as soon as they come in the vicinity of the malicious hotspot, they automatically connect to it. The user will then think they have been connected to the legitimate network.

Since they are acting as the gatekeeper to the internet, the attackers can now perform a number of man-in-the-middle techniques. For instance, they can perform SSL stripping attacks to force users to go through the unencrypted versions of their favorite websites, or they can stage DNS hijacking to redirect users to bogus versions of the websites they’re trying to connect to.

Because of this and other threats, public Wi-Fi networks are considered extremely unsafe, and most security experts will recommend not using them for any sensitive task such as banking or connecting to social media accounts. However, if you absolutely have to use a public Wi-Fi network, there are a couple of things you can do to make sure you don’t fall victim to Wi-Fi eavesdropping.

One of the most important measures is to disable automatic Wi-Fi connections and make sure you manually select which networks you want to use. It will be a little less convenient, but at least you’ll have a greater chance of avoiding evil twins and MitM attacks.

Another very important protective measure to prevent MitM through Wi-Fi eavesdropping is to use a virtual private network (VPN). VPNs create a secure channel for all your internet traffic, encrypting everything and sending them through an intermediate server. When using a VPN, even if a hacker manages to intercept your communications, all they will see is a stream of encrypted data, and they won’t be able to make sense of it. They won’t even be able to figure out which sites you’re browsing to, so they won’t be able to redirect you to their own malicious copies of the websites.

Frequently Asked Questions
What is a jamming attack?

Denial of service attacks against wireless device targeting the packets by emitting a radio frequency underling network architecture.