How To Prevent Evil Twin Attacks Successfully

evil twin attacks

How To Prevent Evil Twin Attacks



Sarah stopped by her favourite coffee shop to grab her afternoon drink. She placed her order, paid the clerk, and waited while the baristas worked furiously to fulfil the backup of orders. Sarah pulled out her phone, opened the wireless client, and connected to what she assumed was the coffee shop’s free wireless network.

However, sitting in a corner of the store, a hacker had just set up an open “rogue” wireless hotspot posing as the coffee shop’s wireless network. When Sarah logged onto her bank’s website, the hacker hijacked her session and gained access to her bank accounts. Another term for rogue wireless hotspots is “evil twin” hotspots.

Search the internet on “evil twin hotspots” to learn more about this security threat.


So you are hanging out at a new café that just opened up down the street and you bring your laptop or smartphone to take advantage of the free WiFi service they provide.  The café is named “Bread and Butter”, your laptop identifies a wireless hotspot appropriately called “Bread and Butter WiFe”, and you eagerly connect assuming that it belongs to the café. As you peruse your favourite social media site, access your email and check to see if a financial transaction cleared your online bank account, a hacker has been capturing all of your login credentials and data.  You have just been a victim of a man-in-the-middle attack thanks to an ‘Evil Twin’.

An Evil Twin is a rogue wireless hotspot that impersonates a legitimate hotspot. 

Hackers set up evil twin access points in areas serviced by public WiFi by cloning the MAC address and Service Set Identifier (SSIS) of an existing wireless AP.  For instance, perhaps a coffee shop has a hotspot called “Internet Coffee” that is broadcast from the wireless AP in the back office.  A hacker, using his or her laptop coupled with the necessary equipment can broadcast the same SSID from a table in the customer area.  By ensuring that the signal of the evil twin is stronger than the authorized network, customers will be tempted to select it over the legitimate offering. 

In some cases, a customer’s laptop may choose the stronger signal automatically.  For instance, customers staying at a resort hotel may select “Connect Automatically” on their device so that it connects automatically during the duration of their stay.  Doing so would allow the wireless device to connect to the evil twin when it comes within range of it.  If it identifies both SSIDs, it will choose the strong signal by default.  It is also possible for a hacker to perform a denial of service (DOS) attack on the legitimate hotspot, which will, in turn, disconnect everyone from it.  The devices will then choose the evil twin when reconnecting.  This is especially easy to perform on open WiFi networks.

Once a client is connected to an evil twin, an attacker can easily eavesdrop on its signal to hijack the device’s communications.  The attacker can monitor traffic, steal credentials or redirect clients to malicious websites to either download malware or capture online credentials to fake sites. 

In some instances, the malicious hotspot does not have to be an evil twin per se.  For instance, maybe a local coffee shop never bothered to change the default name of its SSID, which includes the name of the internet provider.  In this case, a hacker could simply broadcast an SSID that incorporates the name of the coffee shop and many customers will make the incorrect assumption and select it.  A hacker could also create an evil hotspot in the pool area of a hotel resort with the word “pool” contained within the SSID, tricking resort travelers that it must be a separate pool area hotspot offered by the hotel.


What you can do to avoid man-in-the-middle attacks from evil twins

  • Always ask the establishment what the name of the official hotspot is.  This will prevent you from making incorrect assumptions and choose a malicious hotspot.
  • If the official hotspot you want to connect to has a key, try intentionally typing in the wrong key.  If the connection accepts the blatantly wrong key, it is most likely an evil twin.
  • Disable the “auto connect” or “auto join” functions for saved hotspots for all of your wireless devices.  This is good advice period. 
  • You should also manually disconnect from a hotspot every couple of hours and manually reconnect to your desired hotspot and type in the password to confirm the connection.

What you can do as a business owner or proprietor

  • Clearly advertise the name of the wireless network you offer your customers in a prominent location so all your customers can see it.  Rather than simply provide open WiFi, protect the hotspot with a Personal Security Key (PSK) and create a system to provide the key to your customers.
  • Check the customer area with your own mobile device to look for hotspots that are impersonating your official ones and alert your customers if necessary.
  • Obtain the services of a wireless expert if you suspect that someone has permanently placed an evil twin or malicious hotspot on your property.  Using a laptop and an antenna, a trained professional can triangulate the location of a malicious AP.  There are also software applications such as EvilAP_Defender, which is designed to find evil twins and even notify through email when one has been identified. 


Action Point

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

Download Our App.


CEHNigeria On Google Playstore

Download Our Blog App On Google Playstore.




Have a deeper understanding of Google Search Console. Join SEOPOZ for free.

Join Our Whatsapp Group Here


Join Our Whatsapp Group

Follow Us On Twitter and I will Follow Back


Follow Us On Twitter

Kindly follow me on Twitter and I promise I will follow back. Aside you will get updated when we post new articles.

About Adeniyi Salau 884 Articles
I am an IT enthusiast and a man of many parts. I am a Certified Digital Marketer, Project Manager and a Real Estate Consultant. I love writing because that's what keeps me going. I am running this blog to share what I know with others. I am also a Superlife Stem Cell Distributor. Our Stem Cell Products can cure many ailments.

Be the first to comment

Leave a Reply

Your email address will not be published.


CommentLuv badge