The world of smartphones is full of automation and requires reputable Android protection.
Most smartphone users probably know that connecting to any random Wi-Fi hotspot available is not the best idea. But sometimes, an Android device can autonomously connect to a malicious Wi-Fi network without your awareness.
Imagine that you are at your favorite restaurant, your order is complete, and now you want to check your smartphone before the meal comes. However, without your knowledge, someone else is already monitoring everything you do on your device, including the websites you browse, the applications you use, and the credentials you enter.
Dangers of comfort zones
When creating software, developers always think about usability, user comfort, and user experience. So, it’s only natural that smartphones have an incorporated function to reconnect automatically to previously used and trusted networks.
However, cybercriminals love to exploit situations in which users feel safe and enjoy ever-present automation. The attack displayed by Lukáš Štefanko does the same — this technique preys on the fact that Android smartphones constantly and transparently tell nearby devices which Wi-Fi networks they have connected to, and want to reconnect to, automatically.
Luckily, attacks that require the malicious actor to be physically present at the location aren’t common, but that doesn’t mean that they can’t happen. For example, Australia’s Federal Police (AFP) charged one of its citizens over an alleged evil twin attack on multiple domestic flights and airports in June 2024. His seized devices allegedly contained dozens of stolen personal credentials.
Other times, it can be a state-sponsored operation such as the plot of a UK-based spy ring, as described by a prosecutor during a recent trial. The spy ring, among other things, also operated in Germany, where its members allegedly used an International Mobile Subscriber Identity Catcher or IMSI catcher to intercept mobile phone traffic from a military base where Ukrainian soldiers were training.
Other threats
As you can see, connecting and reconnecting to publicly available Wi-Fi networks can pose a danger. And the list of possible threats doesn’t end with rogue hotspots:
Man-In-The-Middle (MITM) attack — In such attacks, cybercriminals intercept communications between a device and the Wi-Fi network, allowing them to access sensitive unencrypted information like passwords, credit card numbers, and personal messages.
Exploitation of vulnerabilities — Cybercriminals can exploit vulnerabilities in less-secure public networks, or vulnerabilities of a targeted mobile device (especially if it doesn’t have updated software), to distribute malware to connected devices. This malware can then be used to steal data, monitor users’ activities, or even take control of users’ devices.
Packet Sniffing — Public Wi-Fi networks often lack proper encryption, making it easier for hackers to eavesdrop on users’ online activities.
How to stay safe
Obviously, the basic security recommendation for Wi-Fi users is to disable automatic connections to Wi-Fi networks, and not use free publicly accessible Wi-Fi networks at all. If this is not possible for any reason, here are a few more tips:
Use a Virtual Private Network (VPN) —VPN creates a secure and encrypted connection between a user’s device and the internet.
Do not share sensitive data — Avoid websites and applications requesting sensitive information such as online banking or shopping sites while on public Wi-Fi.
Stay on top of updates — Keep your software and apps updated. Regular updates often include security patches that protect against known vulnerabilities.
