A fake Wi-Fi hotspot represents a clone of a genuine hotspot that’s trusted by Internet users. The trusted hotspot is typically public, like an airport, hotel, coffee shop, subway station or shopping mall. But it can also be a private connection initiated by a neighbor.
What makes the true wireless connection vulnerable to cybercriminals is that it’s not protected with a password. By copying all properties of the real wireless connection (including SSID) and putting them into a new Wi-Fi access point, hackers are capable of putting together a new, fake hotspot.
At this point, you connect to the rogue network thinking that it’s genuine. In fact, you will unintentionally expose your network traffic to eavesdroppers, allowing them to acquire your personal data.
What are the risks of using open Wi-Fi networks
In May 2017, Symantec’s Norton surveyed 15,532 mobile device users worldwide who used public wireless networks. Of these, 1,002 were US citizens. The survey found that almost 70% of Americans think their personal data is safe when using public Wi-Fi, but 41% can’t tell secure networks from insecure ones.
On the other hand, if their personal data were stolen by hackers, there would be a considerable number of concerned users: 40% horrified (stolen banking info), 40% angry (stolen private photos), 33% worried (stolen children’s schedule and other details) and 19% embarrassed (stolen private chats).
There are too many dangers involved with using public hotspots, which certainly outweigh the reasons why you go through with it anyway.
Stolen identity and malware sharing to friends
Once you connect to the fake hotspot, cybercriminals can take advantage of your position and analyze the data packets you send and receive to obtain any information of interest. There’s nothing stopping them from performing man-in-the-middle attacks (MITMs), which means that hackers can divert communications exchanged between you and the other party, and even manipulate the messages by stealing your identity. In fact, if a MITM over the WiFi is performed correctly, it’s almost impossible to detect it.
For example, the hacker can ask for personal photos from the other person you were talking to (on your behalf) or spread malware via links. It’s possible to infect the computers of people you are in touch with online, like friends, family and coworkers by asking them to click on links under false pretexts: “Check out these cool photos I took during the weekend!”, for example.
Assuming that you are the person on the other end of the line, a person whom they trust, your acquaintances click on the links thinking they open pages with your promised photographs. In fact, the links direct them to phishing and other malware sites capable of infecting their devices and maybe even breaking down their systems. Therefore, without getting equipped with the proper tools for protecting your Internet connection from hackers, you are exposing not only yourself to dangers but also those around you. This is why you keep hearing people and companies advising you to never share sensitive data over unencrypted connections: you never know who might be watching. It might all seem like science fiction but, unfortunately, this is currently possible.
Stolen login credentials, credit card details and private photos
Hackers can get hold of your login credentials on email, Facebook, Twitter, Instagram and all information associated with your accounts. According to the same survey conducted by Norton that we previously mentioned, 92% of Americans admit to using public, unprotected Wi-Fi in some risky way, like logging into a personal email account (62%), signing into social media accounts (56%), sharing photos and videos (48%), checking bank accounts (32%) or entering credit card info for shopping (22%). This only proves there’s a lot of precious data that can be easily stolen over public hotspots.
By taking over your online identity, hackers can snoop around your accounts to open downloaded files, see private photos that were never meant for the public eye, open confidential documents of your workplace, and more. You must have definitely heard of iCloud leaks, where hundreds of private pictures belonging to celebrities were stolen and posted on the web. It was the result of successful phishing attacks, where in-depth information about each individual was collected to guess the correct iCloud password. Well, having account credentials stolen through an insecure hotspot is faster because there’s no guessing involved.
Overloaded bandwidth or used for illegal activities
Perhaps the unauthorized device connection established to your private wireless network seems harmless, whether the network we’re talking about belongs to your home or workplace. It might be a neighbor who’s just interested in sending an urgent email or reading online news. And maybe you think to yourself that, sure, you could be kind-hearted at least this one time, help out this neighbor and allow their connection.
The bleak side of this story is that the rogue access point might be only interested in stealing your bandwidth. It may not seem like a big deal, especially if you have an unlimited monthly plan. But consider that you might be unwillingly harboring a hacker who’s looking to perform man-in-the-middle attacks anywhere in the world, post hate speech, acquire illegal content like child pornography, steal secret documents from the government, and so on.
In other words, we’re talking about a real hacker that means serious business. And even if you’re the type of person who can comfortably sleep at night when thinking about this, since it seemingly has nothing to do with you, consider that the hacker will be traced back to your IP address because they are piggybacking on your private hotspot. We imagine you wouldn’t want the hassle of dealing with the local authorities when they come knocking at your door and asking questions about suspicious activities associated with your IP address.
How to spot and avoid fake Wi-Fi hotspots
It’s difficult for casual users to identify fake Wi-Fi hotspots without digging into the matter a little. Even if you take a look at the wireless network properties to compare two identical hotspots, you might see they have the same primary network name, which is represented by the service set identifier (SSID).
In some cases, the hacker kicks it up a notch by using the same MAC address as the true Wi-Fi hotspot, in an attempt to lay your suspicions to rest. Nevertheless, there are several aspects that you should look out for when you’re planning to go to a public place and use their wireless Internet connection.
Stay away from Wi-Fi whose name contains “Free”
A lot of hackers try to trick you into connecting to their rogue hotspots by adding “Free” to the name of the original network, usually at the beginning or end of the name. Being aware of this, most businesses don’t use free hotspots anymore. For example, you might have noticed when going to a restaurant or bar that you have to ask the waiter for the Wi-Fi password, although it’s free. If you’re going to the airport, you might see two hotspots called “Airport Wi-Fi” (which is encrypted) and “Free Airport Wi-Fi” or “Airport Wi-Fi Free” (which are not encrypted). You should avoid these types of connections at all costs if you want to protect yourself from cybercriminals.
Avoid unencrypted Wi-Fi connections
Generally speaking, insecure wireless network connections shouldn’t exist due to the high security risks they involve. They are irresistible not only to casual users but also to cybercriminals for the same reasons, especially since the hacker becomes just another face in the crowd and can easily carry out their malicious activity by hiding in plain sight. Depending on which operating system or platform you’re using, you can easily spot open networks by an exclamation point (on Windows) or lack of a lock symbol (on macOS, iOS and Android).
Fend off Wi-Fi networks that accept any password
As strange as it may sound, some hackers take it up a notch and create fake wireless networks with password protection. However, this is only a trick. It’s not actually password protection since any key you enter will be accepted by the remote server. To be cautious about this, try entering a wrong password on purpose to see what happens. If you don’t receive an error message, something along the lines of “failure to connect”, then it’s time to disconnect, step away from the open hotspot and probably stop using the Internet for the time being if you cannot find an encrypted line.
Keep an eye out for suspiciously slow Internet connections
Unfortunately, slow Internet connections exist everywhere in the world, especially when it comes to public hotspots like airports, cafes, bars and hotels. If many people are connected to the same access point as you, they might be hogging the bandwidth, thus causing decreased network speed.
While slow Internet isn’t a foolproof method for spotting fake Wi-Fi hotspots, it can be a sign that a hacker is monitoring your Internet traffic from remote, mobile devices that are typically slower than desktops or laptops. Perhaps this symptom can be identified more easily if you’re a regular Internet user of that particular hotspot, since you can compare the current connection speed to past sessions. In any case, if you suspect this to be true, and especially if you have the possibility to connect to another hotspot nearby, it’s better to be safe than sorry.
Mind HTTP and HTTPS pages when surfing the web (SSL connections)
HTTPS represents an extension of HTTP, where the “S” stands for “Secure”. Until recently, it was used only on websites where security was essential, like financial transactions. However, since hackers have been spotted on all types of websites with sensitive data, HTTPS has started to gradually replace HTTP. HTTPS keeps you safe from man-in-the-middle attacks.
After connecting to a WiFi hotspot, try accessing several websites that normally have top-notch security, such as PayPal. If you spot HTTP at the beginning of the URL in the address bar (instead of HTTPS), then it’s probably a clone of the original website. It means that you’re connected to a fake Wi-Fi hotspot and, as soon as you enter your login credentials or banking details, they will be stolen by the cybercriminal. It’s all thanks to the rogue wireless network, so you should definitely disconnect if you come across HTTP websites.
Use Skycure Threat Map
Skycure is a cybersecurity startup company that was purchased by Symantec, the security software giant. Considered as a leader in mobile threat defense, this startup came up with Skycure Threat Maps, an online service that gives you the possibility to find unsafe WiFi hotspots anywhere in the world. All you have to do is enter the name of a city or country, select it from the Google Suggestions list, then view Google Maps results in real time.
Suspicious WiFi hotspots are represented by markers, which are scattered within the perimeter for each known threat. The threat could be a malicious attack that took place and was caught, or could simply represent security levels that are too low for conducting private matters over the network in question. Clicking any marker from the map reveals the hotspot’s name and a photograph of its whereabouts. The app is also available for Android and iOS users as SEP Mobile.
Rogue access points
If a wireless access point was illegally set up on a private network (without permission from the network’s admin), then it can be considered a rogue access point. This can be achieved by a hacker who intends to scan the private network for security vulnerabilities and exploit them. Keep in mind that all of this can be done remotely, so the hacker doesn’t have to be inside the building but somewhere nearby.
Rogue access points can also be created by a company’s employee that doesn’t actually have evil intentions but wishes to access the private network easier from their smartphone, to name an example. To simplify the task further, the employee leaves the newly installed access point unprotected or protected with a weak password that’s easy to remember. Subsequently, the company’s intranet becomes exposed to hackers.
What a rogue access point does is broadcast its own wireless signal, basically extending the range of the genuine network. When you connect to the rogue, you do gain access to the Internet traffic facilitated by the genuine network. However, all traffic passes through the rogue access point. Since the rogue is unprotected, all data you send and receive can be seen by hackers. On top of that, the hacker can take advantage of the rogue access points to launch DDoS attacks to kick you out of the network.
How to spot rogue access points
A rule of thumb is to regularly check your trusted wireless network connections to make sure there are no intruders waiting for you to sign in, even if your Wi-Fi is protected. Picture it as taking a good look in your backyard before going to bed, even after locking your doors and shutting the windows, to make sure that nobody has climbed over the fence: there’s a slim chance of it ever happening (especially if you live in a good neighborhood), but it’s a creeping thought nonetheless.
To check your network connection for any unknown devices, you first have to be familiar with IP addresses and how they work. More precisely, running these checks requires a basic understanding of a public IP address (representing the address of your entire network, assigned to the router), a local IP address (assigned to each device in your closed network, where all devices are connected to the same router) and a MAC address (assigned to the network adapter).
MAC addresses can be easily spoofed by hackers with the appropriate tools, in an effort to blend in with the rest of your devices. This is why you should create a list with the MAC addresses of your existing devices, so that you can run regular checkups and spot anything unknown.
- Launch a command prompt window (press Win+R to open the Run window, type cmd, press Enter)
- Type ipconfig and press Enter to list details about all your network connections
- Locate the network you use to connect to the Internet (e.g. Wireless LAN adapter Wi-Fi), then find and copy the Default Gateway (e.g. 192.168.1.1). This IP address will be used to access your router’s settings
- Launch a web browser and paste the Default Gateway you copied in the address bar. It should take you to your router’s page of settings.
Note: It’s necessary to enter the router’s username and password here to log in. The default credentials should be noted either on the physical router or on a piece of paper received from your ISP after installing your Internet. Otherwise, you can look up the default user and pass on the web, or go reset the credentials in the worst case scenario.
- Depending on the router type, you can find information about all devices currently connected to it. For example, TP-Link routers show the IP address, MAC address, host name and connection type of each wired and wireless device.
Just like in Windows, on macOS you can visit your router’s settings page to check out all devices currently connected to your network.
To obtain the IP address of your router:
- Click the Apple button on the upper-left corner of the desktop to open a menu and select System Preferences
- In System Preferences, find and click Network to open a new window
- In Network, you can see a list of all your current connections on the left side. Locate and click the connection that provides you with direct Internet access
- The IP address of your router is displayed next to Router
- Copy this IP address and paste it in your web browser to visit the router settings page
- Depending on the router type, you can find information about all devices currently connected to it. For example, TP-Link routers show the IP address, MAC address, host name and connection type of each wired and wireless device.
If it’s not possible to resort to the router trick, then you can either install third-party, specialized applications, or identify unknown devices connected to your Wi-Fi by their MAC address:
- Open a Terminal window and press the Enter key after every command
- Type networksetup -listallhardwareports to view a list of all network hardware ports (including inactive ones), with network type, device name and MAC address
- Type arp -a to view the MAC address of each network device. In addition, you can view IP addresses.
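The inventory check described above, as an added example (not code from the original article): it parses `arp -a` output, normalises the MAC addresses and reports devices that are missing from your own list. The sample output and the inventory are constructed; the parser also accepts the Linux and Windows layouts of `arp -a`.

```python
import re
from collections import defaultdict

# Constructed sample of macOS `arp -a` output (not captured from a real network).
# macOS prints octets without leading zeros, e.g. 0:1e:2a:b4:c:d.
SAMPLE_ARP = """\
? (192.168.1.1) at 0:1e:2a:b4:c:d on en0 ifscope [ethernet]
? (192.168.1.23) at a4:83:e7:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.42) at 3e:5:9f:0:aa:1 on en0 ifscope [ethernet]
? (192.168.1.57) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.60) at a4:83:e7:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""

# Constructed inventory: the list of your own devices' MAC addresses.
KNOWN_MACS = {"00:1E:2A:B4:0C:0D", "a4-83-e7-11-22-33"}

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5}\b")


def normalize_mac(mac):
    """Return a MAC as lower-case, zero-padded, colon-separated octets."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))


def parse_arp(text):
    """Extract (ip, mac) pairs from `arp -a` output, skipping non-device rows."""
    entries = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and "(incomplete)" entries carry no MAC
        mac = normalize_mac(mac.group())
        if int(mac[:2], 16) & 0x01:
            continue  # group bit set: broadcast or multicast, not a device
        entries.append((ip.group(), mac))
    return entries


def audit(entries, known_macs):
    """Compare ARP entries with the inventory of known MAC addresses."""
    known = {normalize_mac(m) for m in known_macs}
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    unknown = [
        {
            "ip": ip,
            "mac": mac,
            # Locally administered bit: a software-assigned address (for
            # example a phone's private Wi-Fi address), so it will never
            # match a list of hardware MAC addresses.
            "locally_administered": bool(int(mac[:2], 16) & 0x02),
        }
        for ip, mac in entries
        if mac not in known
    ]
    # One MAC answering for several IPs is worth a second look.
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return {"unknown": unknown, "shared_mac": shared}


if __name__ == "__main__":
    report = audit(parse_arp(SAMPLE_ARP), KNOWN_MACS)
    for dev in report["unknown"]:
        print("not in inventory:", dev)
    for mac, ips in report["shared_mac"].items():
        print("one MAC, several IPs:", mac, ips)
```

Because MAC addresses can be spoofed, a device that matches the inventory is not proven genuine; the check only surfaces addresses you have never recorded.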
Similarly, on Linux you can access the settings page of your router using a web browser, in order to see the IP addresses and other relevant information about all devices currently connected to your network.
Getting hold of the router’s gateway address is easy:
- Open a Terminal window
- Type ip route and press Enter to send this command
- Click the arrow down button on the upper-right side of the desktop to open a menu and click the settings button
- Locate and click Network to open this window
- From the left side of the Network window, find and click the network connection that provides you with direct Internet access
- The right side of the selected network connection displays details, including the Default Route, which is the gateway address of your router
- Copy the IP address and paste it in your web browser
- Access the router page and enter your login credentials
- Depending on what kind of router you have, you can find data about all devices currently connected to it. For instance, TP-Link routers reveal the IP address, MAC address, host name and connection type of each wired and wireless device.
Use Wireless Network Watcher (Windows only)
There are simpler ways to check your wifi network connection for suspicious devices, thanks to software applications made by third-party developers. Wireless Network Watcher is an excellent example in this regard. It automatically detects all devices connected to the same network you’re currently using.
Wireless Network Watcher also creates a detailed report about each device like local IP address, host name, MAC address, user name, when it was first and last detected, and if it’s still currently connected. It even shows devices that were connected in the past and no longer active, and it can beep you whenever a new device connects or disconnects.
Use Angry IP Scanner (Windows, macOS, Linux)
Another software application example is Angry IP Scanner. It works differently from Wireless Network Watcher since it scans all local IP addresses within any given range, showing hosts whether they are alive or dead. Alive hosts are considered the remote devices which send back ping responses.
But the tool also takes into account hosts with open ports. Since open ports mean that your devices are susceptible to remote attacks (like leaving open windows at home), you might be interested in turning them off from the Windows Firewall.
Use Nmap or ZenMap (Windows, macOS, Linux)
It’s not advisable for casual users to resort to Nmap for network analysis since it’s more advanced than the previous two software solutions. Nmap is an open-source command-line utility that can discover hosts and services by sending network packets and by analyzing received data.
It can even detect what operating system is being used by each device connected to your WiFi network, together with open ports, application names and version numbers, reverse DNS names, types of devices, and MAC addresses. There’s also a GUI counterpart available called ZenMap, which aims to bring intuitive options for beginners while preserving the same advanced features for experienced users.
Use Fing (Android and iOS)
Fing is a cool app for Android and iOS users, which can discover all devices connected to the same wireless network. It creates a list with the name, internal IP address, host name and MAC address of each identified device. Besides, the tool keeps track of history, showing devices which are no longer connected to the network.
By tapping a device in the list, you can enter a nickname, notes and location (if you know it), mark favorites to be able to easily look them up later, as well as view first and last seen date/time. Additional functions can be used to ping the device, trace route, find open ports, and send Wake-on-LAN signals.
Use Network Analyzer (Android and iOS)
This app can be considered a priceless gem for Android and iOS users, especially since it’s completely free. Wrapped in a really easy-to-understand interface, Network Analyzer is the type of application that has everything you need for monitoring WiFi networks and identifying any existing issues.
It has a LAN scanner for identifying all devices from your intranet, revealing their local IP address, MAC address, host name and manufacturer. You can get whois information, send pings, run trace route, find open ports, and get DNS details.
Further, you can check out details about all wireless networks in your range, including MAC address, security type and signal strength (relative to your current device), as well as toggle 2.4 GHz and 5 GHz Wi-Fi mode. If there’s a fake Wi-Fi hotspot nearby, you might be able to narrow it down by using these properties and excluding known legitimate connections.
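An added example (not part of the original article) that applies the warning signs from "How to spot and avoid fake Wi-Fi hotspots" to a list of nearby networks like the one such an app shows: open networks, names that add "Free" to a protected network, and access points whose MAC address (BSSID) is not on your list of known legitimate ones. The scan records, the trusted list and the reason labels are constructed for illustration.

```python
import re

# Constructed scan results: name (SSID), access point MAC (BSSID), security.
SCAN = [
    {"ssid": "Airport Wi-Fi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "Airport Wi-Fi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2"},
    {"ssid": "Free Airport Wi-Fi", "bssid": "02:11:22:33:44:55", "security": "open"},
    {"ssid": "Airport Wi-Fi", "bssid": "02:11:22:33:44:66", "security": "open"},
    {"ssid": "CoffeeShop", "bssid": "de:ad:be:ef:00:01", "security": "WPA2"},
]

# Constructed list of access points you know to be legitimate.
TRUSTED = {"Airport Wi-Fi": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}}

OPEN_LABELS = {"", "--", "open", "none"}


def squash(ssid):
    """Lower-case the name and drop spaces and punctuation."""
    return "".join(re.findall(r"[a-z0-9]+", ssid.lower()))


def base_name(ssid):
    """Squashed name with a leading or trailing 'free' word removed."""
    words = re.findall(r"[a-z0-9]+", ssid.lower())
    if words and words[0] == "free":
        words = words[1:]
    if words and words[-1] == "free":
        words = words[:-1]
    return "".join(words)


def is_open(net):
    return net["security"].strip().lower() in OPEN_LABELS


def review_scan(networks, trusted):
    """Return (ssid, bssid, reasons) for every network with a warning sign."""
    protected = {squash(n["ssid"]) for n in networks if not is_open(n)}
    trusted = {s: {b.lower() for b in macs} for s, macs in trusted.items()}
    findings = []
    for net in networks:
        reasons = []
        name, base = squash(net["ssid"]), base_name(net["ssid"])
        if is_open(net):
            reasons.append("open")
            if name in protected:
                # Same name is also broadcast with encryption nearby.
                reasons.append("open-copy-of-protected-ssid")
        if base and base != name and base in protected:
            reasons.append("free-lookalike")
        if net["ssid"] in trusted and net["bssid"].lower() not in trusted[net["ssid"]]:
            reasons.append("untrusted-bssid")
        if reasons:
            findings.append((net["ssid"], net["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in review_scan(SCAN, TRUSTED):
        print(f"{ssid} [{bssid}]: {', '.join(reasons)}")
```

A network that raises no finding is not proven genuine, since the MAC address of the real hotspot can be copied as well.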
Protect your data with a VPN service and other tools
The role of a VPN (virtual private network) is to encrypt all data you send and receive over the Internet, even if you are using an unprotected public Wi-Fi connection. It’s the type of software application that can be installed on any device and operating system, including Windows, Linux, macOS, Android, iOS, desktops, laptops, tablets, smartphones and even routers to protect all devices connected to the router. Even if hackers manage to intercept your connection and retrieve personal data, they would not be able to decrypt and read the scrambled code.
Safely connecting to public Wi-Fi hotspot as well as having secure conversations with a friend or employer over text messages or VoIP calls are just some of the best reasons why people use VPN services. But there are other ways to strengthen your security, too, especially when it comes to fake wireless hotspots and rogue access points.
Use DNSCrypt to prevent DNS spoofing
Hackers are capable of redirecting your Internet traffic to their fake website through DNS spoofing. By tinkering with the DNS protocol, it’s possible to convert domain names to illegitimate IP addresses, subsequently opening the door to data theft. For example, if you want to visit a shopping website by typing its URL and hitting Enter, you might be redirected to a fake page that looks just the same. Once you enter your credit card details to buy a product, you basically give away your credit card to someone else. To prevent this from happening, you can turn to DNSCrypt, a free utility designed to stop DNS spoofing.
Use HTTPS Everywhere to enable HTTPS
We previously talked about the importance of keeping an eye out for the URLs of visited pages to make sure that HTTPS is being used instead of HTTP, especially when considering websites with sensitive data, like banking, shopping or email services: basically, any website that requires you to fill in data.
However, if you don’t want to go through the hassle of remembering HTTPS every time you go online, then you can employ the services of a browser extension like HTTPS Everywhere. Available for Mozilla Firefox, Google Chrome and Opera, the addon can automatically switch to the HTTPS version of the same HTTP page (if it exists) as well as optionally block any websites which don’t have HTTPS support. Alternative browser extensions are Smart HTTPS and ForceHTTPS.
Use an ad-blocker to eliminate the risk of malware
The fact that it’s really annoying to spot ads and banners everywhere you go on the Internet isn’t the worst part. These forms of marketing content have to be clicked to open a page. It’s easy for cybercriminals to take advantage of this and redirect users to their own pages with malware.
Therefore, it’s important to have an ad-blocker installed and active at all times. This type of software cannot literally protect you from malware but it does a better job: cutting the source of the problem. By simply disabling ads, there is no risk of clicking something you shouldn’t have.
Not all VPN services come with integrated ad-blockers, though. Fortunately, there are many skilled browser extensions that can do a great job, whether you’re interested in intuitive settings for basic users (Adblock Plus, uBlock Origin, Ghostery, Privacy Badger) or advanced options (NoScript, uMatrix).
Use tools to check website reputation and safety
WOT (Web of Trust) is an online service that permits users to give ratings to any website, in order to ensure a safer browsing experience. It’s been around for a long time and has become successful in creating a large database of reputation ratings. You can use the web-based service to look up safety reports on any website, as well as check out crowd-sourced reviews about various indicators of trust. There are also browser extensions available (Mozilla Firefox, Google Chrome, Opera), along with an Android app.
However, you can also resort to other tools designed to scan links for phishing or other types of malware. For example, Google Safe Browsing lets you know if any page has been infected with malware in the last 60 days. Another example is Trend Micro Site Safety Center, which takes several factors into account to check if a website is safe, dangerous or suspicious, like historical locations and suspicious activity based on malware behavioral analysis.
Meanwhile, URLVoid identifies potentially malicious sites by cross-checking its database with over 30 blacklist engines (including Google Blacklist), producing safety reports. BitDefender TrafficLight is a bit more advanced since it can analyze website results on search engines, scan pages for phishing attempts, block malware attempts, keep you safe from online frauds and scams, as well as warn about malicious links on Facebook and Twitter. It’s a browser extension for Mozilla Firefox, Google Chrome and Safari. Other online services for checking website reputations are Norton Safe Web and Webroot BrightCloud.
Turn off sharing options
In Windows, for example, it’s necessary to turn on Network Discovery to be able to access resources on a remote server in the local network. This means that you become visible within the network, since your computer is broadcasting its signal to any other devices in range, in order to create a network neighborhood and share resources.
If you forget to turn off network discovery before connecting to a public hotspot, consider that a hacker might be connected to the same Wi-Fi hotspot, waiting for its next victim. By using a packet sniffer to analyze the data packets you exchange with the router, the hacker can identify your IP address and other sensitive information.
Keep your Wi-Fi disabled when not in use
It’s particularly useful when it comes to smartphones, tablets, notebooks and laptops. For instance, on smartphones, most have Wi-Fi enabled at all times, in order to automatically detect hotspots when you’re on the move, especially if you’re traveling to another country and haven’t purchased a 4G data plan or enabled roaming. Even if you don’t have any intention of connecting to free hotspots when walking around a new city, your smartphone will automatically look for anything nearby and alert you of any open networks that you can sign into.
To prevent this from happening, remember to disable Wi-Fi and turn it on only when you are explicitly looking for a hotspot. Besides, your battery will thank you too. It also applies when taking out your laptop to quickly write an important document. Even if you’re offline but your Wi-Fi is on, a hacker might be able to decrypt its signal and infiltrate into your computer to get hold of the document you’re writing in that moment.
You might be one of those people who think that something as bad as getting hacked cannot happen to you, especially if you consider yourself to be a regular Internet user with no particularly sensitive information worth stealing. The fact of the matter is that hackers don’t need a solid reason to target your computer. It’s important to keep an eye out for any suspicious networks and devices connected to your network. Only then can you start protecting yourself from the dangers of fake Wi-Fi.
We’d love to hear your personal experience with connecting to fake Wi-Fi hotspots, detecting intruders on your network, as well as solutions, so please feel free to drop us a comment in the section below.