Clone wars – How to secure yourself from an evil hotspot

If we take a look at which countries have the best-developed public Wi-Fi networks, it quickly becomes clear that countries with smaller economies are leading the way worldwide. According to a recent study by Rotten WiFi, numerous smaller European nations are among the top 20 countries offering public Wi-Fi. The first two places go to Lithuania and Estonia, followed by Singapore and Switzerland. The Netherlands, UK and Denmark follow in places five, six and seven.

Major industrialized nations like Germany and France are missing from this list entirely, although it is clear that this subject is an important one in those countries. In Germany, a draft law that aims to exempt German hotspot providers from legal redress is currently driving heated debate, while in France the government briefly considered prohibiting public Wi-Fi networks altogether in an effort to combat terrorism.

Quite apart from these discussions, free wireless Internet access in cafés, public places, hotels or airports is enormously popular among business users and the public. And yet there is very little concern about the security of hotspot users.

It is no secret that the security of many public hotspots is poor. Hotspots often transmit their data unencrypted. For this reason, public Wi-Fi networks are a popular target for what are referred to as man-in-the-middle attacks. In this type of attack, an intruder takes up a position between the hotspot and its users in order to take full control of the user data traffic. The attacker is thus able to read and manipulate all of the data transmitted over the hotspot network.


The evil twin hotspot – exposed in public

Figure: Man-in-the-middle attack via evil twin access point

A typical scenario for man-in-the-middle attacks involves a rogue Wi-Fi hotspot, a so-called evil twin. The attackers set up cloned hotspots, which are given the same names as the public Wi-Fi networks from known hotspot operators. When a user connects to a fake hotspot, the attacker has full access to the data communication of the unsuspecting victim.

Just how easy this is was demonstrated recently by a product manager from Finnish IT security company F-Secure in front of a live audience at a Wi-Fi conference in Amsterdam: To create a hotspot clone (AKA evil twin), all he needed was a laptop, a commercially available Wi-Fi USB dongle, and some Linux skills, which are easily acquired with a little research on the Internet. The corresponding guides are widely available online. All he had to do next was to send a signal to the genuine hotspot, which caused all of the devices to disconnect and re‑connect with the cloned SSID operated by the fake hotspot. It was easy to intercept or sniff all of the data traffic with the connected devices.

Another experiment by F-Secure, in London in 2014, showed that under real conditions users readily fell into the trap by connecting to a manipulated Wi-Fi hotspot operated in various public places. In no time at all, 250 devices logged in to the network and around 33 people, without hesitation, sent data via the fake hotspot. In a real-world scenario, this would have been a field day for criminals.

Both of these examples reveal the same problem: The client that logs in to the hotspot Wi-Fi is not a particularly intelligent device. It automatically connects to the Wi-Fi offering the strongest signal and does not differentiate between hotspots that are trustworthy or not. By using VPN technology (Virtual Private Network), however, you can be sure that your data stays secure—even if it is sent via a fake hotspot.
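The following is an added example, not part of the original article: it models the strongest-signal choice described above and then flags access points that reuse a known SSID with a BSSID or security setting that is missing from the operator's inventory. The SSIDs, BSSIDs, the `KNOWN` inventory and both function names are constructed for illustration.

```python
# Added example: spot possible evil twins in Wi-Fi scan results.
# All SSIDs, BSSIDs and the KNOWN inventory are constructed sample data.

# (SSID, BSSID, signal in dBm, security) as a scanner might report them.
SCAN = [
    ("CafeFreeWiFi", "02:00:00:aa:00:01", -67, "open"),
    ("CafeFreeWiFi", "02:00:00:aa:00:02", -71, "open"),
    ("CafeFreeWiFi", "02:00:00:FF:00:99", -38, "open"),  # not in inventory
    ("HotelGuest", "02:00:00:bb:00:01", -55, "open"),    # should be wpa2
    ("OtherShop", "02:00:00:cc:00:01", -60, "open"),     # not our network
]

# Hypothetical operator inventory: legitimate BSSIDs and security per SSID.
KNOWN = {
    "CafeFreeWiFi": {"bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
                     "security": "open"},
    "HotelGuest": {"bssids": {"02:00:00:bb:00:01"}, "security": "wpa2"},
}


def naive_choice(scan, ssid):
    """Model the client behaviour the article describes: strongest signal wins."""
    candidates = [ap for ap in scan if ap[0] == ssid]
    return max(candidates, key=lambda ap: ap[2]) if candidates else None


def find_suspects(scan, known):
    """Return (ssid, bssid, reason) for APs that reuse a known SSID
    but do not match the inventory entry for that SSID."""
    suspects = []
    for ssid, bssid, _signal, security in scan:
        entry = known.get(ssid)
        if entry is None:
            continue  # SSID is not one we operate; nothing to compare against
        if bssid.lower() not in entry["bssids"]:
            suspects.append((ssid, bssid, "unknown BSSID"))
        elif security != entry["security"]:
            suspects.append((ssid, bssid, "security mismatch"))
    return suspects


if __name__ == "__main__":
    print("client would join:", naive_choice(SCAN, "CafeFreeWiFi"))
    for suspect in find_suspects(SCAN, KNOWN):
        print("suspect:", suspect)
```

A clone that also copies a legitimate BSSID passes this check, so treat the result as a tripwire; the VPN tunnel described in the next section is what protects the traffic itself.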


Safety first – It’s the VPN, stupid!

A fundamental cornerstone of secure connectivity is and remains a VPN client, or a VPN application on the device (current versions of iOS and Android have one already integrated). The VPN client establishes an end-to-end encrypted tunnel through the Internet to the VPN gateway at the company or to a VPN-capable router at home. Only from there does it connect to the Internet, securely.

The traffic flowing through this VPN tunnel is securely encrypted and is immune to interception or attack. This provides secure access from the hotspot to the network at the company or at home. When traveling, the VPN connection also provides secure access to company or private resources.

Hotspot users who operate in this way benefit from the same level of security as they enjoy at home or at work, and they can use any hotspot without further worry.

VPN clients are available for all operating systems, and many of them are free of charge. For a specific example of how to set up a secure VPN connection over a public Wi-Fi network using a VPN client and VPN router, see this document in our Knowledge Base.


Additional information about how to stay secure on public Wi-Fi can be found here:
