Australian Federal Police have charged a man for allegedly setting up fake Wi-Fi networks on commercial flights and airports to steal passengers’ email and social media credentials.

The Australian Federal Police (AFP) have arrested and charged a man who is accused of deploying rogue Wi-Fi hotspots resembling legitimate in-flight and airport networks. Using a portable wireless access device, a laptop, and a mobile phone, the accused allegedly created Wi-Fi networks with names similar to those used by airlines and airports. When unsuspecting passengers connected to these networks, they were prompted to enter their credentials, which were then captured by the suspect's devices. The AFP found evidence linking similar activities to locations associated with the man's past employment. The charges include unauthorised access to devices and possession of data with intent to commit a serious offence, suggesting potential misuse of stolen credentials.

Highlights:

• AFP charged a man for allegedly operating fake Wi-Fi networks on commercial flights to steal passenger credentials.
• The networks mimicked legitimate in-flight and airport Wi-Fi SSIDs to deceive users into entering their credentials.
• Evidence suggests similar activities at locations linked to the suspect's previous employment.
• Recommendations include using reputable VPNs on devices, avoiding sensitive transactions on public Wi-Fi, and disabling automatic connections to unknown networks.
• The accused was released on bail with internet use restrictions pending further legal proceedings.

To mitigate the risk of falling victim to such attacks while flying, passengers should refrain from connecting to Wi-Fi networks that require login credentials unless verified as legitimate by the airline. Using VPNs, disabling file sharing, and being cautious with sensitive activities on public networks are essential precautions to safeguard personal information. Manually forgetting networks after use prevents devices from automatically reconnecting to potentially malicious networks in the future.

Sources and further reading.

Sharwood, S. (2024, July 1). Police allege “evil twin” in-flight wi-fi used to steal info. The Register® - Biting the hand that feeds IT. https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/