Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks, man charged

The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people.

The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged perpetrator landed at Perth airport, his bags were searched and authorities found a portable wireless access device, a laptop, and a mobile phone in his hand luggage.

The police say that the man, 42, used a portable wireless access device to create ‘evil twin’ free WiFi networks; so called because criminals set up free WiFi access points that mimic the name of legitimate public WiFi networks.

When people tried to connect their devices to the free WiFi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices.

The email and password details harvested could then be used to access more personal information, including bank accounts, emails and messages, photos and videos, and more. 

AFP cybercrime investigators have identified data relating to the use of the alleged fraudulent WiFi pages at airports in Perth, Melbourne and Adelaide, on domestic flights, and at locations linked to the man’s previous employment.

The investigation is ongoing but the man can expect to face nine charges for the alleged cybercrime offences.

‘Evil twin’ attacks are a type of “machine-in-the-middle” attack, where all traffic is routed through a server under the attacker’s control, giving them access to all of the submitted information.

Cybercriminals favour places where people expect to have free WiFi, such as airports, planes, coffee shops, and libraries. The attacker finds the legitimate network name—known as the SSID (service set identifier)—and creates an access point with the same name.

Access points and wireless router networks broadcast their SSIDs to identify themselves, but the identifiers are not unique. Your device can connect to any SSID if the network has no security options enabled, and it will not be able to differentiate between the legitimate and the fake one.

Evil twin attacks are based on the fact that when two networks have the same SSID and security settings, your device will either connect to the one with the strongest signal or the one it sees first.
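As an added example (not part of the original article), this is one way a network operator could check a WiFi scan against its own access point inventory and flag a managed SSID being advertised by a radio it does not own. The `Beacon` type, the inventory, the network names and the MAC addresses are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str        # network name, not unique
    bssid: str       # MAC address of the advertising radio
    security: str    # e.g. "open", "WPA2"
    signal_dbm: int  # closer to 0 means stronger

# Constructed inventory: SSIDs the operator runs and the radios it owns.
AUTHORISED = {
    "Airport-Free-WiFi": {
        "security": "open",
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    },
}

# Constructed scan result: two inventory radios, one unknown radio, one neighbour.
SAMPLE_SCAN = [
    Beacon("Airport-Free-WiFi", "02:00:00:aa:00:01", "open", -67),
    Beacon("Airport-Free-WiFi", "02:00:00:aa:00:02", "open", -74),
    Beacon("Airport-Free-WiFi", "02:00:00:ee:00:99", "open", -41),
    Beacon("CoffeeCorner", "02:00:00:bb:00:10", "WPA2", -60),
]

def find_rogue_beacons(beacons, authorised=AUTHORISED):
    """Return (beacon, reasons) for beacons that use a managed SSID
    but do not match the operator's inventory."""
    findings = []
    for b in beacons:
        known = authorised.get(b.ssid)
        if known is None:
            continue  # not one of the operator's network names
        legit = b.bssid.lower() in known["bssids"]
        reasons = [] if legit else ["unknown BSSID"]
        if b.security != known["security"]:
            reasons.append("security mismatch")
        if not reasons:
            continue
        # Clients tend to join the strongest signal, so note when this one wins.
        genuine = [x.signal_dbm for x in beacons if x.ssid == b.ssid
                   and x.bssid.lower() in known["bssids"]]
        if not genuine or b.signal_dbm > max(genuine):
            reasons.append("strongest signal for this SSID")
        findings.append((b, reasons))
    return findings

if __name__ == "__main__":
    for beacon, reasons in find_rogue_beacons(SAMPLE_SCAN):
        print(beacon.ssid, beacon.bssid, "; ".join(reasons))
```

This check only catches a twin whose BSSID or security setting differs from the inventory, so a clean result is not proof that every radio in range is genuine.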

How to stay safe from evil twin attacks

There are a few things you can do to protect yourself against this kind of attack.

  • Firstly, do not allow your device to auto-connect to public or unsecure networks. See below on how to turn this off.
  • Look out for unexpected behavior. To connect to a free WiFi network, you shouldn’t have to enter any personal details—such as logging in through an email or social media account.
  • Install a trusted VPN to encrypt the traffic regardless of the network you are using, and even when you’re not visiting websites that use HTTPS (Hypertext Transfer Protocol Secure), which encrypts the traffic between a browser and the website.
  • And my personal favorite: Use your own personal hotspot. I use a portable 5G Mifi router, which provides me with reliable high-speed WiFi throughout my domestic journeys.

How to disable auto-connect

When you’re travelling it may be safer to disable auto-connect on Wi-Fi altogether.

On Android it works roughly like this (steps may be slightly different depending on your Android version, device type, and vendor):

Settings > Network & Internet (or Connections) > Wi-Fi > Wi-Fi preferences (or Advanced). Toggle off Connect to public networks.

On iOS you can disable auto-connect by doing this:

Settings > Wi-Fi. Tap the (i) next to the network name and then toggle off Auto-Join.

