HQ/EMEAFind out how we can help your business
Australian law enforcement alleges an individual conducted an ‘Evil Twin’ attack on the in-flight Wi-Fi to steal the passengers’ credentials. The Australian Federal Police (AFP) charged a man after it established a phoney Wi-Fi network on at least one commercial flight and harvested fliers’ email and social media credentials.
The individual was questioned after an airline reported to the authorities its concerns about a suspicious Wi-Fi network identified by the employees during a domestic flight.
The AFP then arrested the individual, who was discovered carrying a portable wireless access device, a laptop, and a mobile phone in his hand luggage. These uncommon hand-carried gadgets prompted the police to search the 42-year-old’s residence after obtaining a warrant and, subsequently, his arrest and charges.
Moreover, the police suspected that the accused’s equipment was used to build Wi-Fi hotspots with SSIDs confusingly similar to those used by airlines for in-flight internet access or streaming entertainment.
The airport Wi-Fi was also targeted, and the AFP discovered evidence of similar operations at the locations linked to the man’s previous employment. The attack can be successful if individuals enter the network from the accused’s rig and are prompted to submit credentials.
After conducting the purported Evil Twin Wi-Fi campaign, the AFP claims that email addresses and passwords were kept on the suspect’s devices.
The charges against the man who allegedly executed an Evil Twin Wi-Fi attack include unlawful access to electronics and dishonest conduct. However, none of the charges suggest that the accused exploited the data he allegedly obtained.
Furthermore, three additional allegations, including the possession or control of data intending to commit a serious offence, indicated that the alleged perpetrator was aware of the potential use of the stolen data for malicious purposes.
The authorities warned passengers and all other users that free Wi-Fi in public places should not require checking in with an email or social media account. They also suggested that users must disable file sharing, avoid sensitive apps like banking while using public networks, and manually forget connections after use so that devices do not automatically reconnect to suspicious networks.
The accused appeared before a magistrate last week and was granted bail, with the condition that he restrict his internet use in particular ways.
