Public Wireless, or its Evil Twin?

Dennis Faas's picture

The next time you're in an airport, train station, bus station, coffee house, or other public place and decide to "jack in" to the Internet, you might well be exposing yourself to identity thieves -- or worse.

Here's how it works: the girl across from you in the airport coffee shop has a laptop in her briefcase that's set as an 'access point', or a 'WiFi hotspot'. She's even given the access point a legitimate-sounding ID, say, something like "Free Airport WiFi". You power up your own laptop, quickly browse for available networks, see "Free Airport WiFi", note that it's unsecured but ignoring that, you connect.

On connecting, her computer promptly proxies your access to the web and begins feeding your laptop with look-a-like pages for your banks, email access portals, or other sites. She's recording everything that passes through her access point. She's an "evil twin".

OK, suppose you don't connect to the Free Airport WiFi. Suppose instead you go to the connection labeled "Verizon Wireless Hotspot" and connect to it. After all, you know Verizon is a common wireless provider. Unbeknownst to you, however, there's a kid down the hall with a laptop in his knapsack, that is doing the same thing as the girl in the coffee shop. Except his access point is proxying pages that look just like the sign-on pages to Verizon. Of course, the pages you see are familiar. They offer you service for $8.95 for the day -- just like Verizon -- and ask for your credit card information -- just like Verizon. So you enter your credit card information.

That's how easy it is. Ignoring your browser's pop-up warnings, not checking to see if the "lock" icon is displayed on the URL address bar, and not ensuring you have a secure (https) link also make it easy. (Source:

A recent survey of 14 U.S. and 3 Asian airports found that more than half of the available networks were open and unsecured (this included some airline or airport operations networks). Of the remaining secured networks, most used the weaker WEP protection rather than the stronger WPA. That only makes it easier for third-parties to hack into any data being sent to and from the wireless access point.

Clearly, wireless access is not as tame as you might have thought. So, if you use public wireless make sure you do the following:

  • (a) Use a VPN whenever possible
  • (b) Choose websites that offer secure connections
  • (c) Choose a network that offers WPA (Wireless Protected Access)
  • (d) Avoid connecting to unknown public WiFi's just because their available
  • (e) Never connect to "peer-to-peer" or "ad-hoc" networks
  • (f) Only send private information over a public network if you're using a secure site.


If you don't heed these precautions, you may find that instead of connecting to a network to do business, you're connecting to its "evil twin."

Rate this article: 
No votes yet