We previously looked at what a man-in-the-middle (MitM) attack is, along with some general pointers on how to protect yourself from it, using the airport Wi-Fi example. Today we dive into a bit more detail and look closely at the Evil Twin Wi-Fi attack. Of the pointers we previously gave, we focus on one: VPN usage. The main reason is that we can run our own VPN at home in our homelab, which means we can very easily (and for free) protect ourselves. Setting up a VPN in our homelab will form part of the upcoming series on building your own homelab.
What Is a Man-in-the-Middle Attack?
A man-in-the-middle (MITM) attack occurs when a cybercriminal secretly intercepts the communication between you and the website or online service you’re using. Imagine you’re sending a letter in a sealed envelope, but someone manages to intercept and read it before it reaches the recipient. In a MITM attack, attackers can capture sensitive data like passwords, banking details, or personal messages without your knowledge.
What Is an Evil Twin Wi-Fi Attack?
An Evil Twin Wi-Fi attack is a type of MITM attack that specifically targets wireless networks. Here’s how it works:
- Impersonation: Cybercriminals create a fake Wi-Fi hotspot with a name similar to a legitimate one, such as “CoffeeShop_WiFi” instead of “CoffeeShop_Free_WiFi.”
- Deception: Unsuspecting users connect to the fake hotspot because it appears familiar or more convenient.
- Interception: Once connected, all your data—like emails, online banking details, and browsing activity—flows through the attacker’s device. The attacker can then steal your sensitive information or redirect you to malicious websites.
This deceptive practice makes it seem as though you’re using a secure and trusted network when, in fact, you’re exposing your data to cybercriminals.
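The impersonation step can be spotted from a list of nearby networks before you connect. The sketch below is an added example, not part of the original article; the trusted network details, the scan records, and the 0.75 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Assumption: network details confirmed with staff (constructed values).
TRUSTED = {"ssid": "CoffeeShop_Free_WiFi",
           "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
           "security": "WPA2"}

# Constructed scan results, in the shape a Wi-Fi scan tool might report them.
SCAN = [
    {"ssid": "CoffeeShop_Free_WiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CoffeeShop_Free_WiFi", "bssid": "de:ad:be:ef:00:10", "security": "OPEN"},
    {"ssid": "CoffeeShop_WiFi", "bssid": "de:ad:be:ef:00:11", "security": "OPEN"},
    {"ssid": "Library-Guest", "bssid": "11:22:33:44:55:66", "security": "WPA2"},
]

def normalise(ssid):
    """Lower-case and drop separators so cosmetic variations compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def assess(ap, trusted=TRUSTED, threshold=0.75):
    """Return the reasons (possibly none) an access point looks like an Evil Twin."""
    reasons = []
    if ap["ssid"] == trusted["ssid"]:
        # Exact name match: the radio and security settings must match too.
        if ap["bssid"].lower() not in trusted["bssids"]:
            reasons.append("same name, unknown BSSID")
        if ap["security"] != trusted["security"]:
            reasons.append("same name, different security (%s)" % ap["security"])
    else:
        # Different name: flag it when it is close enough to confuse a user.
        ratio = SequenceMatcher(None, normalise(ap["ssid"]),
                                normalise(trusted["ssid"])).ratio()
        if ratio >= threshold:
            reasons.append("lookalike name (similarity %.2f)" % ratio)
    return reasons

def suspicious(scan):
    """Map (ssid, bssid) to its reasons for every flagged access point."""
    return {(ap["ssid"], ap["bssid"]): r for ap in scan if (r := assess(ap))}

if __name__ == "__main__":
    for key, reasons in suspicious(SCAN).items():
        print(key, "->", "; ".join(reasons))
```

A clean result is only a heuristic, since a hotspot's advertised name and hardware address are both attacker-controlled, which is why the VPN advice later in the article still applies.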
How to Protect Yourself from an Evil Twin Attack
Be Cautious with Public Wi-Fi
- Verify the Network Name: Always ask a staff member if you’re unsure about the correct Wi-Fi network name.
- Avoid Sensitive Transactions: Refrain from logging into bank accounts or sharing sensitive information over public Wi-Fi.
- Turn Off Auto-Connect: Disable automatic connections to open networks on your device to avoid accidentally connecting to a malicious hotspot.
Use Security Tools
- Keep Your Software Updated: Regular updates for your operating system, browser, and antivirus software help protect against known vulnerabilities.
- Enable HTTPS: Look for “https://” in website addresses, which indicates a secure connection. It is not a foolproof method, but it does add an extra layer of security.
How a VPN Helps Protect Against Evil Twin Attacks
1. Encrypted Traffic
A VPN encrypts all the data you send and receive. Even if you accidentally connect to an Evil Twin hotspot (a malicious network disguised as a legitimate one), your information travels through an encrypted “tunnel.” This means that if a hacker intercepts your traffic, it appears scrambled and unreadable, thwarting attempts to steal your passwords, banking details, or any other sensitive information.
2. Secure Tunneling Protocols
VPNs use secure protocols (like OpenVPN, IKEv2, WireGuard, or L2TP/IPsec) to create a protected communication channel between your device and the VPN server. These protocols ensure that data remains private and cannot be tampered with mid-transit—even on an untrusted or compromised Wi-Fi network.
3. IP Masking
When you connect through a VPN, your actual IP address is hidden, replaced by the VPN server’s IP address. This makes it more difficult for attackers to track or target you based on your location or identity. It also helps prevent websites from collecting excessive personal data.
4. Additional Safety Layers
Some VPNs offer built-in features such as:
- Kill Switch: Automatically cuts off internet access if the VPN connection drops, ensuring your data never leaks on an unsecured channel.
- Malware/Phishing Blockers: Some VPNs include protection that can warn you about suspicious websites or downloads.
How to Use a VPN
1. Choose a Reputable VPN Provider
- Security and Privacy: Look for providers with strong encryption, a no-logs policy, and transparent business practices.
- Server Network: More server locations can improve performance and allow you to appear virtually in different countries if needed.
- Performance: Check reviews for speed and reliability. Sluggish performance can be frustrating and reduce your willingness to stay connected to the VPN.
- Host your own: There are a few free VPN services that you can host at home. Choose a reputable one if you are going to host your own, as performance will be best with tried and tested servers. Hosting your own VPN server falls outside the scope of this article, but be sure to check back over the next couple of weeks for our guide on getting your own VPN server up and running.
2. Install the VPN Client
- Platform Compatibility: Ensure your chosen VPN supports all your devices (Windows, macOS, iOS, Android, etc.).
- Easy Setup: Most reputable VPN providers offer user-friendly apps that guide you through installation and initial configuration.
3. Connect to a VPN Server
- Automatic Server Selection: Many VPNs can automatically choose the best server based on speed or proximity.
- Manual Server Selection: If you want to virtually “appear” in a specific country (e.g., for accessing region-locked content), select that server location from the list.
4. Verify Your Connection
- Check for the Lock Icon or Status: Most VPN apps display a lock icon or “Connected” status once your VPN is active.
- Test for Leaks: Advanced users can use online tools to verify that their IP address and DNS requests are not leaking outside the VPN tunnel.
5. Use It Consistently
- Enable at Risky Locations: Make a habit of connecting to your VPN whenever you use public Wi-Fi—coffee shops, airports, hotels, etc.
- Stay Logged In: Keep your VPN running for all internet activities if you want continuous protection.
Additional Tips and Considerations
Regular Updates: Keep your VPN app and device software up to date. Updates often include security patches that help maintain a secure environment.
Combine with Other Security Practices: A VPN is most effective when combined with common-sense measures, such as verifying Wi-Fi network names, disabling auto-connect, and using antivirus software.
Beware of Free VPNs: Free services may limit speeds, serve intrusive ads, or even sell your data. A paid, reputable service is often safer and more reliable. Alternatively, just host your own VPN. It’s free and, as we will explain in the coming weeks, very easy to get up and running.
Conclusion
Public Wi-Fi is incredibly convenient but can be risky if you’re not careful. Man-in-the-middle attacks, such as the Evil Twin Wi-Fi attack, exploit this convenience by deceiving users into connecting to a fake network. By understanding how these attacks work and taking proactive steps—like verifying network names, avoiding sensitive transactions on public networks, and using a VPN—you can significantly reduce your risk of becoming a victim. Always stay informed and cautious to ensure your online activities remain secure.

