Wifi Hotspot Evil Twins Mimic Wi-fi Hotspots and Steal Your Data  
by Anne P. Mitchell, Esq. - Last updated 03/01/2006


Does your favourite wifi hotspot have an evil twin? How would you know an evil twin wi-fi hotspot if you saw one? Just what is a wifi hotspot evil twin, anyways?

Remember the Patty Duke show? When Patty and her identical cousin Cathy would pull the old switcheroo, and Cathy, who was very goody-goody, would be replaced with Patty, who was a bit more wild?

Well, it’s the same concept. Only much more insidious.

You’re sitting at your favourite wi-fi hotspot cafe, sipping and surfing. Your computer finds the wifi hotspot for you, and brings up the log-in page. It may be a T-Mobile page, if you are sitting at a Starbucks or Borders, or it may be some other page, and you log in. Or there may be no log-in page at all – your computer may just connect to the “hotspot”, if that’s how that cafe is set up.

Only, the “hotspot” to which you have connected isn’t actually the cafe’s wi-fi hotspot at all. It’s some hacker who is in the area, quite possibly sitting next to you sipping his Evil Twin Mochachino with extra Hack, who has his laptop with him and set up to work as an access point – a machine through which you can connect to the Internet.

Your computer thinks it’s the cafe’s legitimate wi-fi hotspot; his computer thinks “sucker”.

You, oblivious to the fact that your connection has been hijacked by the evil twin, sit there sucking down the caffeine while his computer sits there sucking down your personal information: anything you transmit from your computer to the Internet, your email – you name it, he’s capturing it.

Ouch.

So how can you avoid a blind date with the Evil Twin?

First and foremost, check your wi-fi settings on your computer! (“Well, duh,” you say, to which I say “duh indeed!”) Is your computer set to search out and lock on to the nearest wifi hotspot? If so, the next hotspot may be an evil twin hotspot. Change that setting.

Second, think very carefully before you send any sensitive data when using a public wi-fi hotspot. Ask yourself this question: “Which is more important? That I perform this transaction right now? Or that this data not fall into the hands of the wrong person – such as the Evil Twin Hacker?”

Third, know your sites. If you have to conduct sensitive business on the Internet, from a wifi hotspot, take extra care to really scrutinize the page you are on before sending any sensitive information. These guys are good. They can recreate, fake and serve up a lot of commonly used pages. Make sure that the page really is a secure page (look for the little key at the bottom of your browser or whatever your browser uses to indicate “secure”).

Also, if you must conduct financial transactions on the Internet from public hotspots, instead of using a credit card consider using a debit card which is not tied to any of your other accounts, and keep only a limited amount of funds in the account. That way, if your account is compromised, you can fairly easily contain the damage to just the amount in the account, and close the account.

By the way, a few of you have asked us why in this article we have used both “wifi” and “wi-fi” interchangeably. It’s because this is such an important issue that we want people searching for it either way to be able to find it.

 



 

7 Comments - Newest First

  1. CallingID is a browser plugin that will warn you if you are on a risky or bogus website. I have been using it for several months, it is free and easy to use. http://www.callingid.com/Default.aspx

    Comment by MediaMan — 3/1/2006 @ 4:33 pm

  2. Here is a link to a service called Hotspot VPN. It encrypts all traffic between you and the web as it traverses public hotspots.

    Comment by Frank — 4/24/2005 @ 4:23 am

  3. Here is a link to a service called Hotspot VPN. It gives you a secure tunnel to the internet. It keeps any traffic between you and the web encrypted as it passes through a Hotspot. Our security guru says this is a must have for business travellers.

    Comment by Frank — 4/24/2005 @ 4:19 am

  4. So, how DOES one avoid Evil Twin hotspots or find out if on one? What IS the setting mentioned in “First and foremost”. The article doesn’t answer that, and would be an EXTREMELY helpful fix.

    Comment by SecretMan — 4/21/2005 @ 6:01 am

  5. In the United States, credit card losses are limited to $50, and most credit card companies don’t even make you pay that.

    It is much safer to use a credit card than a debit card in the US.

    Comment by Anonymous — 3/21/2005 @ 12:46 pm

  6. The idea behind a debit card is to limit your losses. DON’T use one tied to your bank account!

    If you pre-load it with $100, and someone gets it, they can only get that $100. If for some reason you put $1000 on the card, and they try to charge $2000 against it, it should be declined.

    That said, I agree that using a throw-away number tied (briefly) to a credit card is probably safer in the long run.

    Comment by Kelson — 3/18/2005 @ 4:09 pm

  7. Why say use a debit card? I am not sure what my bank’s issues are on fraudulent purchases, but with a debit card wouldn’t you lose your money faster, or have more issues. Say if you only had $1000 and they used $2000, you would get charged for them, then have to say it was fraudulent, whereas with a credit card, they can usually hold that amount that was “stolen” until a resolution is resolved on the issue. I know this about the credit cards only because despite my frantic abilities of checking, thinking I was secure, and only using my credit card in a few locations, and ALWAYS made sure it was a secured and legit page, my CC# was still stolen.
    I would say use one of those cards where you can generate a “throw away” number, or if you are that worried about your data outside of a particular location, use SSH tunneling to that location, so all data out of this wifi evil twin can still be used to full advantages and the evil twin may never be able to get your data.

    Comment by localhost — 3/18/2005 @ 1:40 pm
