An Australian man has been charged with using a fake Wi-Fi hotspot on a domestic flight to steal user credentials and data.
The Australian Federal Police (AFP) “allegedly created fake free Wi-Fi hotspots that mimicked legitimate networks to capture the personal data of unsuspecting victims who mistakenly connected to them.” said in a press release last week.
The agency said the suspect was charged in May 2024 after an investigation began a month earlier after the airline was notified of a suspicious Wi-Fi network discovered by its employees on a domestic flight.
A subsequent search of his luggage on April 19 led to the seizure of a portable wireless access device, a laptop and a mobile phone. He was arrested on May 8 after his home was searched.
They say this man organized the so-called evil double Wi-Fi attack in various locations including domestic flights and airports in Perth, Melbourne and Adelaide to impersonate legitimate Wi-Fi networks.
Users who tried to join the free fake network were asked to enter their email address or social media credentials via capture portal web page.
“Collected email and password data can be used to access additional personal information, including the victim’s online communications, saved images and videos, or bank details,” AFP notes.
The defendant is charged with three counts of unauthorized breach of electronic communications and three counts of possession or control of data with intent to commit a serious offense.
He was also charged with one count of unauthorized access or modification of restricted data, one count of dishonestly obtaining or distributing personal financial information and one count of possessing personally identifiable information. If convicted, he faces up to 23 years in prison.
“You don’t need to enter any personal details, such as logging in with an email or social media account, to connect to the free Wi-Fi network,” said Andrea Coleman, Detective Inspector of the AFP’s Western Cyber Crime Command.
“If you still want to use public Wi-Fi hotspots, install a reliable virtual private network (VPN) on your devices to encrypt and protect your data while using the Internet.”
