Earlier this year, Australian authorities arrested individuals who set up a deceptive Wi-Fi network while on a flight. This network mimicked the airline’s official Wi-Fi service, leading cybersecurity experts to label it as “the evil twin.” Essentially, this type of fake hotspot is designed to fool users into giving away their credentials.
While the concept isn’t new, its application in-flight is. Fake Wi-Fi networks have been a common scam in cafes, hotels, and airports for some time, but this incident highlights a different and more audacious context—targeting passengers who heavily rely on Wi-Fi for in-flight entertainment and connectivity.
What is an evil twin Wi-Fi attack?
Evil Twin hotspots intentionally mimic legitimate networks by using identical names, or SSIDs. Devices will often connect to the network with the strongest signal, which may actually belong to an attacker.
Once users connect, they may be redirected to counterfeit login pages, which in this case asked for passengers’ email addresses, passwords, or social media credentials, all under the guise of granting access to the airline’s entertainment system. The stolen data can then lead to identity theft or other attacks.
Why Travel Wi-Fi is a Major Target
The dynamics of travel make such attacks particularly enticing for hackers. Limited online options in places like hotels or airports can drive individuals toward available Wi-Fi networks, which often have the branding of trusted companies, leading people to let their guard down.
Additionally, there’s a growing trend where airlines and hotels are moving entertainment and services to personal devices, which further amplifies the need for Wi-Fi. As a result, more users are online than ever before.
Hackers are Tricking You with Fake In-Flight Wi-Fi?
In the Australian incident, the attacker brought a portable hotspot on the plane and named it after the airline’s real Wi-Fi network. Passengers, naturally connecting to the stronger signal, were directed to a fake login page requesting their personal details.
The stakes are higher during a flight, as users may feel pressured to provide information to regain access to entertainment, making these attacks highly effective.
Why a VPN is Essential for Wi-Fi Security in Flight
One effective line of defense against rogue Wi-Fi is using a virtual private network (VPN). VPNs create encrypted channels between your device and the internet, complicating interception attempts by attackers.
However, be mindful that some in-flight Wi-Fi systems may require you to temporarily disable the VPN to access their networks. Nonetheless, it’s still a critical tool for maintaining privacy once you’re online.
9 Tips for Using In-Flight Wi-Fi Safely
While employing a VPN is crucial, there are other strategies to enhance safety when connecting in the air:
1) Install Strong Antivirus Software
Having a robust antivirus program on your device is vital to protect against malicious sites and provide alerts about phishing or ransomware attempts.
2) Enable Two-Factor Authentication (2FA)
Even if login details are compromised, 2FA can act as a barrier. Opt for app-based authenticators instead of SMS codes when you can, as they are harder to intercept.
3) Turn Off Automatic Wi-Fi Connection
Devices typically reconnect to known networks automatically, making it easier for fake hotspots to trick you. Before flying, disable this feature and manually select the airline network.
4) Use HTTPS Everywhere
When browsing, check for the padlock icon in your browser’s address bar. HTTPS encrypts your connection with websites, making it challenging for attackers to intercept data.
5) Limit Your Online Activities
Even with precautions, in-flight Wi-Fi should be treated as potentially unsafe. Avoid logging into sensitive accounts like banking; stick to light browsing or messaging.
6) Keep Your Device Updated
Outdated software can present security vulnerabilities. Ensure your device is updated with the latest security patches before you travel.
7) Use Airplane Mode but Enable Wi-Fi
Activating airplane mode and then turning on Wi-Fi can minimize exposure to other signals (like Bluetooth) that attackers might exploit.
8) Beware of Phishing Pop-Ups and Suspicious Clicks
Some fake portals may employ pop-ups designed to extract your login details. If a site requests excessive personal information, treat it as suspicious and navigate away.
9) Log Out After Use
Once your flight is over, ensure you log out of the airline’s Wi-Fi portal as well as any accounts accessed. This prevents session hijacking from cached tokens.
Important Takeaway
The escalation of evil twin attacks in the air serves as a reminder that convenience often comes with risks. As more airlines push for in-flight Wi-Fi, it’s crucial to stay vigilant. The next time you’re airborne, pause before connecting to the first network that appears—sometimes staying offline until you land is the safest route.
