White hat ethical hackers set up an "evil twin" Wi-Fi hotspot in London in order to fool people into connecting and having their data harvested, according to a report released by security firm Trend Micro.
An evil twin is a Wi-Fi hotspot that masquerades as a legitimate access point, but is run by a hacker with the intention of stealing people's information.
The two tests were carried out as part of Trend Micro's 2013 Mobile Security Report.
The team used a 4G device and set up a small local Wi-Fi point so that all data heading to and from the hotspot passed through their laptop first.
One test was conducted in the City of London, out in the open. The other was in a small café.
Peter Wood, CEO of First Base Technologies, told a panel yesterday that "most people had no idea what could be grabbed."
"What we found was that people were connecting quite deliberately to flat-sharing sites, to TripAdvisor, planning trips," Wood told us. "Not only were we able to see all of those transactions, but also their usernames and passwords, as TripAdvisor transmits that information in plain text – that was a surprise for us."
Wood added that if a user transmitted this information, "a criminal could easily deduce when she was going away, and where she was going."
This isn't an entirely new development. What the team found particularly interesting was that "the attack could be executed in a truly clandestine way by using one handset to attack another, rather than sitting there with a laptop and a router and a battery pack."
The team found a number of apps that allowed users to grab usernames, passwords and contact lists of smartphone owners who connected to their hotspot. These apps were freely available on the Google Play Store.
Other apps allowed users to scan the wireless network, and force all devices connected to that hotspot to connect through your device. There was also a setting available that would "essentially remove all encryption."
According to the team, the app is just an adaptation of an old piece of software, retrofitted to work on mobile devices.
"If it wasn't on the Play Store, it would still be freely available," they said.
Anyone using an e-commerce site such as Amazon could see their accounts, as well as their bank account details, severely compromised by such an attack, leading to a high possibility of identity fraud.
The team urged robust education about the risks of connecting to open Wi-Fi.
"The problem is, the technology has changed, but human behaviour hasn't," they told us. "It's like when the car was invented, and people would walk out in front of them because they didn't realise how fast they were. Until people are told that this is unsafe behaviour, they won't change."
When asked how close this capability is to being in the hands of criminal gangs, the panel told ITProPortal, "it already is".
"People think about security as just a matter of not losing your front door keys, but security is about so much more – it's about how things come together."
Wood was sceptical about the possibility of the police keeping up with the emerging threat.
"They've already got their hands full," he said. "A tremendous proportion of the UK economy now depends on the Internet, and no one wants to scaremonger. Unfortunately, they're frightened of frightening people and affecting the economy."
The security of public Wi-Fi has come under scrutiny before, as it was discovered in September that over half of all UK free hotspots allowed users to access adult material.
Image: Flickr (IntelFreePress; circospetto!)