Australian Federal Police Arrest Suspect for WiFi Credential Theft on Flights

The Australian Federal Police (AFP) arrested and charged a man for allegedly executing “evil twin” WiFi attacks on multiple domestic flights and at airports in Adelaide, Melbourne and Perth.

Suspect’s Devices Seized at the Airport

The suspect allegedly tried to steal sensitive data, including email and social media credentials, from unsuspecting passengers who fall prey to the attack.

The investigation started in April 2024 after airline employees reported suspicious behavior. Authorities seized the suspect’s devices at the airport and allegedly revealed malicious activities after close examination.

Evil Twin Attacks are Often Easy to Miss

As its name suggests, an evil twin WiFi attack involves creating a malicious clone of a legitimate wireless network using an identical network name (SSID). This attack mainly works with public, unsecured WiFi networks.

However, some places publicly display their network’s password, making it easy for a perpetrator to replicate it completely, down to the password. This increases the chances of a successful attack, as a secured network is less likely to arouse suspicion.

Man-In-The-Middle Attacks and Credential Theft

Threat actors often rely on these rogue networks to monitor traffic, steal credentials and carry out man-in-the-middle (MiTM) attacks. Using the same SSID as legitimate networks makes it nearly impossible to identify a fake WiFi hotspot at first sight.

The Australian taken into custody by the AFP allegedly used a portable device to spawn free WiFi hotspots at several locations. Reportedly, the suspect required victims to log in using their email or social media accounts to access the internet.

Sensitive Data Could be Used in Further Crimes

With this trove of sensitive data, a threat actor could have engaged in further malicious behavior, such as taking over social media accounts, monitoring email communications, blackmailing victims, or even selling the data to other cybercriminals.

Authorities said that the full extent of the man’s operation, as well as his post-exploitation activity, is yet to be determined.

The suspect currently faces five different charges, including unauthorized impairment of electronic communication, possession of control of data with intent to commit a serious offense, unauthorized access or modification of restricted data, dishonestly obtaining or dealing in personal financial information, and possession of identification information with intent to commit an offense.

If found guilty on all these charges, the suspect could face a maximum penalty of 23 years.

Mitigating Evil Twin Attacks is Not Impossible

Although spotting a fake WiFi hotspot is often challenging, there are ways to mitigate evil twin attacks.

Using a trustworthy VPN, for instance, could efficiently cloak your connection, preventing snoops from intercepting your traffic and stealing your credentials.

Even though a VPN isn’t a guaranteed defense against all MiTM attacks, its encryption capabilities render your traffic indecipherable to threat actors. This significant obstacle often deters perpetrators, who may abandon their efforts upon encountering encrypted traffic.