Man busted stealing passenger data from in-flight Wi-Fi with 'evil twin' strategy

A man has been charged with stealing the credentials of people's social media and email services while on a commercial airline.

2

The Australian Federal Police (AFP) charged a man who was carrying a "portable wireless access device, a laptop, and a mobile phone" in his luggage. The AFP claims the man was attempting to scrape sign-in information from passengers aboard a flight by running a fake Wi-Fi network on a plane. The alleged man was reportedly creating fake Wi-Fi hotspots with SSIDs that were very similar to the network names found on flights, or an "evil twin".

When a user joined the network, they were prompted to input their credentials, which included email addresses and passwords that were then saved to the man's device. At the moment, authorities charged the man with unauthorized access to devices, along with "possession or control of data with the intent to commit a serious offense," which alludes to the man having the intention of using the data nefariously.

This story should be viewed as a sobering reminder to practice healthy data safety techniques. These include being very careful about what public Wi-Fi network you are joining and avoiding sensitive apps such as banking while connected to a public network. There is also the recommendation of using a Virtual Private Network (VPN) when connected to a public network.

The airline "reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight."