EVIL TWIN ON PLANE

An Australian man has been charged for configuring fake Wi-Fi access points during domestic flights with the agenda to steal users’ credentials and data. The unnamed 42-year-old man ran fake free Wi-Fi networks, which mimicked legitimate networks, to capture personal data from victims on flights who mistakenly thought they were real, the Australian Federal Police said in a press release. The agency launched an investigation after airline employees reported a suspicious Wi-Fi network during one of their domestic flights.

     A thorough search of the suspects baggage on April 19 resulted in the seizure of a portable wireless access device, a mobile phone, and a laptop. The suspect was arrested on May 8th after a search warrant was performed at his home. He confessed to staging what is called an evil twin in the tech industry across various locations, including domestic flights and airports in Perth, Adelaide, and Melbourne to impersonate legit Wi-Fi networks. Users who were affected, attempted to connect to the fake network and were then prompted to enter their social media credentials or email address through a captive portal web page. The email and password were then harvested to access more personal information such as stored imaged and videos and bank details.

  When using public Wi-Fi, users should not have to enter personal information such as logging in through social media accounts or email. Users should verify the exact spelling of the SSID displayed or given to them by the organization and alert an employee if there are two that are similar and any other red flags to confirm that the network they are connecting to is legitimate. Users should also consider using a VPN on all mobile devices to encrypt and secure data when using the internet in public places.