When looking at the mobile security threat landscape, protection against fake Wi-Fi attacks stand out as being particularly important. As consumer demand for mobile data increases, app users connect to Wi-Fi networks at every chance they get – coffee shops, parks, airports – and as a result, the risk of encountering a compromised connection naturally all the time.
From a hacker’s perspective, the fake Wi-Fi scheme isn’t all that complex. Essentially, it’s just one specific version of a Man-in-the-Middle Attack (MITM). In this scenario, the hacker simply uses an inexpensive piece of hardware, or a cell phone hotspot, to mimic a legitimate Wi-Fi access point and trick users into using the fake site instead. So fast and easy protection against fake Wi-Fi attacks is critical.
Depending on the user’s settings (or his/her attention span), consumers often connect to such malicious access points without ever noticing. Once they unknowingly connect to a fake Wi-Fi hotspot, any credential entered, transaction made, or communication sent can be tracked by the hacker, who can potentially monitor or even respond to these transmissions.
Think it’s Just Free Wi-Fi? You’re in for a Surprise…
While fake Wi-Fi attacks – also known as “evil twin attacks,” are trivial for hackers, they can be devastating for mobile users themselves. Hackers employ a variety of techniques for taking advantage of consumers via malicious access points.
For starters, they can listen in and track all traffic when consumers log into a valuable app (email client, banking app, claim status solution, shopping cart) and steal authentication data. Given that so much mobile activity occurs on web applications, hackers can also use page spoofing to trick consumers into giving them private data – which is also known as phishing.
Mobile devices are considered by most as “hacker friendly” due to the nature of being consumer-grade devices, with poor security practices embedded into the majority of mobile apps.
For example, when consumers open up a banking app or order online via their favorite store, hackers can intercept the communication and send a fake login screen in place of the legitimate screen. Users will enter their details into the page, only to receive an error message, and then be sent back to the real page where their login is accepted. They’ll never know the hacker is now in possession of their banking credentials, and can start siphoning money from their accounts.
A Look at the Impact of Phishing on Consumer Apps
This type of phishing scheme can occur in a number of ways – such as a request to confirm your PayPal information via a secure list, a promotion message from Target, or an email confirmation from Amazon. When they’re not phishing, fake Wi-Fi hackers will often use forged messages to deliver malware instead.
The recent Kaspersky Lab study Financial Cyberthreats in 2014 found that 28.8% of phishing attacks in 2014 were intended to steal financial data from users. While carrying out their scams, hackers have shifted their focus from bank brands to payment systems and online shopping sites.
The report found that 31% of hackers targeted data from Visa Card holders, 30% pursued PayPal users and 24% sought American Express data.
Hackers who successfully use fake Wi-Fi have become quite stealthy, meaning that their tampering typically goes unnoticed by the consumer – until it’s too late. Despite the inconspicuous nature of evil twin attacks, there are several precautions that consumers can take to avoid these threats:
- Avoid connecting to public Wi-Fi hotspots unless it’s absolutely necessary.
- Never allow your device to automatically connect to public hotspots. Instead, connect it manually. If you see similar network names, check with an official before choosing one.
- If you’re using public Wi-Fi, don’t use apps or sites that require you to enter credentials, banking or credit card information. Likewise, don’t send confidential texts or emails.
- If you are using public Wi-Fi, try to only use apps that you trust, meaning ones that claim to be secure or that you know offer higher levels of data protection.
Although the average cost of a data breach currently stands at $3.79 million, it may take 10 months to 2 years to repair a company’s tarnished reputation after an app is compromised.
Let’s face it, a damaged image is a loss no organization can afford in a competitive landscape.
Appdome offers protection against fake Wi-Fi attacks
Mobile developers can add protection against fake Wi-Fi attacks to their mobile apps in seconds on Appdome, without having to write a single line of code. How amazing is that!
