The Australian Federal Police (AFP) has accused a suspect of launching a fake Wi-Fi network on an airplane and using it to harvest passenger email and social media credentials – the so-called «evil twin attack». Suspicion fell on the man after the airline reported a suspicious Wi-Fi network that its employees discovered during the flight.
The AFP arrested the suspect, who was found to be carrying a «portable wireless access device, a laptop, and a» cell phone in his carry-on bag. After obtaining a warrant, police searched the man’s home. As a result of the investigation, he was arrested and charged. Last week, the defendant appeared before a judge and was released on bail, subject to restrictions on internet use.
It is alleged that the devices were used to create Wi-Fi hotspots with SSIDs similar to those used by airlines for internet access or in-flight entertainment Wi-Fi at the airport was also targeted by the attacker, AFP also found evidence of similar activity «at locations associated with the man’s previous work». Wherever the defendant’s installation was operating, when users logged on, they were asked to provide credentials. AFP claims that details such as email addresses and passwords were saved on the suspect’s devices.
The charges against the man relate to unauthorized access to devices and deceptive practices. None of the charges involve the defendant using the data to which he allegedly had access. However, the three charges of «possessing or controlling data with intent to commit a serious crime» indicate that the alleged perpetrator was interested in the possibility of using the data for dishonest purposes.
Andrea Coleman, a cybercrime inspector at AFP’s Western Command, said that free Wi-Fi services should not require logging in through an email or social media account. She also advocates that users of public Wi-Fi «install a reliable virtual private network (VPN) on their devices to encrypt and protect data while using the Internet». The police recommended disabling file sharing, avoiding sensitive applications such as banking when using public networks, and manually «forgetting» connections after use so that devices do not automatically connect to unknown networks.
Source: The Register
Spelling error report
The following text will be sent to our editors: