
Evil Twin & the threat of working over Wi-Fi

Evil Twin & the threat from Cybercrime
The Evil Twin hack is the biggest threat faced today by workers using Wi-Fi. If you ever work on a laptop, phone or tablet using public Wi-Fi, it's definitely something you need to be aware of.

Evil Twin is a term for a Wi-Fi hotspot that a hacker has set up with malicious intent, specifically to mimic or impersonate a legitimate Wi-Fi network and dupe unsuspecting users into using it. Once a user is connected to an Evil Twin Access Point (AP), the hacker will be able to execute what's called a 'man-in-the-middle' attack and intercept, analyse and even inject traffic. In other words, they will have total access to the user's data both coming and going, which will enable the hacker to:

  • Intercept unencrypted traffic and view the data
  • Intercept email and passwords that are used to access websites
  • Acquire passwords for accessing Wi-Fi APs
  • Route your web browser to fake phishing websites in an attempt to acquire your credit card details

An Evil Twin AP could be set up in a public area such as a café by a hacker using a laptop computer, either as a clone of a legitimate AP or with a different identity but offering a stronger signal which will attract users. Or, as in the example below, an Evil Twin can be set up to clone a private AP such as the one you have at home.

The most surprising thing is just how easy it is for someone with a reasonable level of IT knowledge (not an IT expert) to execute this hack. Each and every step of the process, along with all the required software, is readily available online.

For example, the following article provides a step-by-step guide to targeting a neighbour in order to conduct a man-in-the-middle attack. This is achieved by cloning their wireless access point as an Evil Twin, booting them off their AP, making the signal of the Evil Twin access point stronger than their own AP, and getting them to connect to the Evil Twin AP instead.

Protecting against Evil Twin

The most fundamental thing is user education. Organisations need to update their IT policy to include dos and don'ts for working remotely over Wi-Fi, e.g. don't connect to unknown access points, and don't blindly accept SSL or SSH certificates.


If your organisation relies heavily on remote working, it might be a good idea to consider supplying remote workers with wireless hotspot software, such as T-Mobile's connection manager, which ensures they only connect through a given provider and only to authentic hotspots.

The most effective way to protect data against the 'Evil Twin' threat is to encrypt your traffic. You can do this either by using HTTPS to connect to email and other secure sites or by using a Virtual Private Network (VPN) connection. A VPN tunnel encrypts the traffic and in so doing prevents the data from being viewed in a man-in-the-middle attack.
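
As a complement to the measures above, an IT team can also review Wi-Fi survey results for access points that use the organisation's network name but do not match its inventory. The sketch below is an added example, not part of the original article; the inventory, the scan record format and every SSID, BSSID and signal value are constructed assumptions.

```python
# Added example: flag APs that advertise a managed SSID but do not match
# the organisation's AP inventory. All names and values are constructed.

# Assumed inventory of legitimate APs: SSID -> expected security and BSSIDs.
KNOWN_APS = {
    "CorpWiFi": {"security": "WPA2",
                 "bssids": {"00:11:22:33:44:55", "00:11:22:33:44:66"}},
}

# Constructed scan records, in the shape a Wi-Fi survey tool might export.
SAMPLE_SCAN = [
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:55", "security": "WPA2", "signal_dbm": -62},
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:66", "security": "WPA2", "signal_dbm": -71},
    {"ssid": "CorpWiFi", "bssid": "02:AA:BB:CC:DD:EE", "security": "OPEN", "signal_dbm": -40},
    {"ssid": "CafeGuest", "bssid": "0A:0B:0C:0D:0E:0F", "security": "OPEN", "signal_dbm": -55},
]


def find_suspect_aps(scan, known_aps):
    """Return [(bssid, [reasons])] for APs using a managed SSID suspiciously."""
    findings = []
    for ap in scan:
        profile = known_aps.get(ap["ssid"])
        if profile is None:
            continue  # not an SSID we manage, so not a clone of our network
        legit = {b.lower() for b in profile["bssids"]}
        reasons = []
        if ap["bssid"].lower() not in legit:
            reasons.append("unknown BSSID")
        if ap["security"] != profile["security"]:
            reasons.append("security mismatch")
        # Strongest signal seen from an inventoried AP with the same SSID.
        baseline = max((x["signal_dbm"] for x in scan
                        if x["ssid"] == ap["ssid"] and x["bssid"].lower() in legit),
                       default=None)
        if reasons and baseline is not None and ap["signal_dbm"] > baseline:
            reasons.append("stronger than legitimate APs")
        if reasons:
            findings.append((ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS):
        print(bssid, "->", ", ".join(reasons))
```

An inventory match is not proof that an access point is authentic, so this check supports encrypted transport (HTTPS or a VPN) rather than replacing it.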

Rob Leverton

Rob worked as an IT technician and project manager with Connexion for 14 years before moving into his current role as head of the technical services team.

Although Rob comes from a technical background, he's very much a people person and he is exceptionally good at building excellent working relationships with our customers and his technical team to deliver service excellence to our clients.


James Stratton

James is passionate about technology and how it can transform business. Having worked with hundreds of businesses in many different sectors over the last 25 years, he has a huge amount of business IT knowledge that he enjoys imparting to Connexion's customers.

James is responsible for Connexion's strategic development and also still enjoys a role in consulting and sales and marketing.