Does your favourite wifi hotspot have an evil twin? How would you know an evil twin wi-fi hotspot if you saw one? Just what is a wifi hotspot evil twin, anyways?
Remember the Patty Duke show? When Patty and her identical cousin Cathy would pull the old switcheroo, and Cathy, who was very goody-goody would be replaced with Patty, who was a bit more wild?
Well, it’s the same concept. Only much more insidious.
You’re sitting at your favourite wi-fi hotspot cafe, sipping and surfing. Your computer finds the wifi hotspot for you, and brings up the log-in page. It may be a T-Mobile page, if you are sitting at a Starbucks or Borders, or it may be some other page, and you log in. Or there may be no log-in page at all – your computer may just connect to the “hotspot”, if that’s how that cafe is set up.
Only, the “hotspot” to which you have connected isn’t actually the cafe’s wi-fi hotspot at all. It’s some hacker who is in the area, quite possibly sitting next to you sipping his Evil Twin Mochachino with extra Hack, who has his laptop with him and set up to work as an access point – a machine through which you can connect to the Internet.
Your computer thinks it’s the cafe’s legitimate wi-fi hotspot; his computer thinks “sucker”.
You, oblivious to the fact that your connection has been hijacked by the evil twin, sit there sucking down the caffeine while his computer sits there sucking down your personal information, anything you transmit from your computer to the Internet, reading your email – you name it, he’s capturing it.
So how can you avoid a blind date with the Evil Twin?
First and foremost, check your wi-fi settings on your computer! (“Well, duh,” you say, to which I say “duh indeed!”) Is your computer set to search out and lock on to the nearest wifi hotspot? If so, the next hotspot may be an evil twin hotspot. Change that setting.
Second, think very carefully before you send any sensitive data when using a public wi-fi hotspot. Ask yourself this question: “Which is more important? That I perform this transaction right now? Or that this data not fall into the hands of the wrong person – such as the Evil Twin Hacker?”
Third, know your sites. If you have to conduct sensitive business on the Internet, from a wifi hotspot, take extra care to really scrutinize the page you are on before sending any sensitive information. These guys are good. They can recreate, fake and serve up a lot of commonly used pages. Make sure that the page really is a secure page (look for the little key at the bottom of your browser or whatever your browser uses to indicate “secure”).
Also, if you must conduct financial transactions on the Internet, from public hotspots, instead of using a credit card consider using a debit card which is not tied to any other of your accounts, and keep only a limited amount of funds in the account. That way if your account is compromised, you can fairly easily contain the damages to just the amount in the account, and close the account.
By the way, a few of you have asked us why in this article we have used both “wifi” and “wi-fi” interchangeably. It’s because this is such an important issue that we want people searching for it either way to be able to find it.