The Australian Federal Police (AFP) has accused a suspect of creating a fake Wi-Fi network on an airplane and using it to collect passengers' login information from email and social media - a so-called "evil twin" attack. The suspicion fell on the man after the airline reported a suspicious Wi-Fi network discovered by its employees during a flight.
The AFP arrested the suspect, who was found with "portable wireless access device, laptop, and mobile phone" in his carry-on luggage. After obtaining a search warrant, the police searched the man's home. As a result of the investigation, he was arrested and charged. Last week, the accused appeared before a judge and was released on bail with the condition of limited internet usage.
It is alleged that the devices were used to create Wi-Fi access points with SSIDs that closely resembled those used by airlines for internet access or entertainment on the plane. Wi-Fi in the airport was also a target for the perpetrator, AFP also found evidence of similar activity "in places related to the man's previous work". Wherever the accused's setup was located, when users connected to the network, they were asked to provide login information. AFP claims that details such as email addresses and passwords were stored on the suspect's devices.
The charges against the man involve unauthorized access to devices and fraudulent actions. None of the charges filed involve the alleged use of data to which he had access. However, three charges of "possession or control of data with intent to commit a serious offense" indicate that the suspected criminal was interested in the potential use of data for dishonest purposes.
Andrea Coleman, AFP's Cybercrime Inspector of the Western Command, noted that free Wi-Fi services should not require logging in via email or social media accounts. She also advocates for users of public Wi-Fi to "install a reliable virtual private network (VPN) on their devices for data encryption and protection while using the internet." The police recommended disabling file sharing, avoiding confidential applications like banking operations when using public networks, and manually "forgetting" connections after use to prevent devices from automatically connecting to unknown networks.
Source: The Register
Comments (0)
There are no comments for now