The Australian Federal Police (AFP) has charged a Western Australian man with allegedly setting up fake free Wi-Fi networks at a number of Australian airports, as well as on domestic flights, with the intention of stealing personal data from those who logged onto them. Following the charges, a cybersecurity firm has warned that the problem could be much graver than previously suspected.
Criminals can now target unsuspecting users with a simple device that they can buy on eBay for A$20 and that fits into a pocket or a backpack, according to Texas-based Zimperium, which has built a “mobile threat defence” shield at a data centre in Canberra.
The illegal practice includes creating an “evil twin” Wi-Fi network, one that mimics a legitimate network, to trick users into entering their personal details, which are then captured by the hacker.
While the AFP’s arrest of the Western Australian man was linked to incidents at Perth, Adelaide and Melbourne, Zimperium showed The Australian data that revealed hundreds of attacks were happening each day in major regional centres too, such as Cairns and Alice Springs.
Zimperium regional sales manager Simon Scaife reportedly showed cases where the company was detecting Wi-Fi networks posing as well-known airline lounges in the middle of capital cities, far away from the actual location of an airport.
“If you’ve been at the Qantas Club and you’ve used their free Wi-Fi a year ago you go back in tomorrow, bang, you want to connect and you’re online. Same with Starbucks, same with your friend’s Wi-Fi, their Telstra modem. It’s a great feature for seamless connectivity. It means no passwords or whatever,” said Scaife.
“But if someone spoofs that and emulates the same SSID then you know it’s dangerous because your phone says ‘I know you, let’s chat, we can communicate’. (A hacker can) then intercept your traffic, downgrade the transport layer security and look at a banking session, your email, your communication with work or personal networks.”
One of the precautions individuals are being encouraged to take is to remember that when they connect to a free Wi-Fi network, they shouldn’t have to enter any personal details, such as logging in through an email or social media account.
If they want to use public Wi-Fi hotspots, installing a VPN on their devices to encrypt and secure data could help. Another precaution is to disable file sharing when using public networks. Also, once a user has finished using that network, they must change their device settings to ‘forget network’.
On iPhones, people could also tap the edit button in the top right corner of the screen in Wi-Fi settings where they can view networks they’ve accessed and delete them to prevent the phone from automatically trying to connect to those networks.