Does Your Wi-Fi Hotspot Have an Evil Twin?

Filed under
Security

Identity thieves are going wireless in their quest to steal your personal info.

You may want to think twice before logging into a public wireless hotspot. Sure, grabbing a few minutes of connectivity is convenient, but identity thieves are discovering that, through "evil twin" attacks, hotspots are a great way to steal unsuspecting users' private information. So how does an evil twin attack work?

Let's say that I'm a hacker. I set up my computer to transmit a signal that turns my PC into an access point, or Wi-Fi hotspot. I'll even give it a legitimate-sounding name, like T-Mobile Hotspot, to fool unsuspecting surfers.

Next, I put my laptop in a backpack and read a newspaper while sipping some java at the local coffee shop. All I have to do is wait for you to connect. (And if I'm looking to steal from you, I'll require you to enter a credit card number to get access, just like T-Mobile does--then I'll have your credit card information.) While you surf the Web, my computer redirects you to Web pages I have created that happen to look like the ones you visit on a daily basis.

In fact, the only difference between the Citibank page you visit every day and the one I have made is that my page is unencrypted. I can log all of the information you input into various Web forms, and when you check your e-mail, I can read it along with you.

Full Story.