WatchGuard warns of rogue Wi-Fi hotspots that could ruin your getaway
Millions of holidaymakers and travellers around the world connect to public Wi-Fi networks on their mobile devices without too much thought about security. But according to cyber security firm WatchGuard Technologies, the presence of ‘evil twins’ means staying safe online when using public hotspots can be anything but.
A team of WatchGuard researchers visited 40 well known locations throughout the UK, Europe and the US, including hotels, transport hubs, shops, banks and restaurants, and were able to create a rogue wireless access point, or evil twin, in all but four of the sites visited. In effect, an evil twin mimics a genuine hotspot so when unsuspecting users connect, they are actually connecting to a hacking device. The evil twin even has the same network name and settings, but in reality, it is a fake from which a hacker can gain access to personal data including passwords or credit card information.
The equipment to set up an evil twin is small enough to be stored in a backpack and is available online for as little as £150. The hacker simply walks into a building, looks for the available Wi-Fi networks and creates the evil twin by replicating the Service Set IDentifier (SSID). The evil twin would then be broadcasting ‘café Wi-Fi’ for example, along with the legitimate network. When customers with laptops, tablets, smartphones and watches connect to the evil twin version the attacker can watch and intercept everything an unsuspecting user is accessing or sending.
“Evil twins are not a new problem but there are more and more public Wi-Fi networks and many of us don’t think twice to log on to check emails or social media and do some online shopping,” said Ryan Orsi, director of product management at WatchGuard. “We would advise anyone to only use public hot spots for browsing the web and not for online shopping or banking. But it’s time for the Wi-Fi providers to do more to prevent these threats. It is simple to scan for rogue access points (APs) and evil twins and block them, but most Wi-Fi provides do not do this.”
As part of its campaign to encourage more secure Wi-Fi, WatchGuard has started a Trusted Wireless Environment campaign to pursue industry cooperation in building secure Wi-Fi standards to protect users against the six most common Wi-Fi threats. You can sign up here: trustedwirelessenvironment.com.
“When we think about the term staying safe on our holidays, we generally interpret this to mean being vigilant and holding on tight to our physical belongings, but the Wi-Fi threat is real. The speed of Wi-Fi adoption has led to a disconnect between access and security but there is no longer any excuse for providing unsecure Wi-Fi and we shouldn’t have to feel we are living dangerously whenever we log on to a Wi-Fi hotspot,” added Ryan Orsi.
For more information, go to: https://www.watchguard.com/wgrd-solutions/security-topics/trusted-wireless-environment