The world of smartphones is full of automation and requires reputable Android protection.
Most smartphone users probably know that connecting to any random Wi-Fi hotspot available is not the best idea. But sometimes, an Android device can autonomously connect to a malicious Wi-Fi network without your awareness.
Imagine that you are at your favorite restaurant, your order is complete, and now you want to check your smartphone before the meal comes. However, without your knowledge, someone else is already monitoring everything you do on your device, including the websites you browse, the applications you use, and the credentials you enter.
An attack like this is possible. For example, if ESET malware researcher Lukáš Štefanko used his Cheap Yellow Display (CYD) tool running Evil M5 firmware for malicious purposes. Luckily, acting as an ethical pen tester, he just published a video showing how easy it can be to obtain Wi-Fi networks that smartphones want to reconnect to automatically. With this information, he could create a fake Wi-Fi access point, or an “evil twin” network, to gather sensitive data from a victim’s device.
Let’s dive a little deeper into these kinds of attacks, and what lessons we can learn from them.
Dangers of comfort zones
When creating software, developers always think about usability, user comfort, and user experience. So, it’s only natural that smartphones have an incorporated function to reconnect automatically to previously used and trusted networks.
However, cybercriminals love to exploit situations in which users feel safe and enjoy ever-present automation. The attack displayed by Lukáš Štefanko does the same — this technique preys on the fact that Android smartphones constantly and transparently tell nearby devices which Wi-Fi networks they have connected to, and want to reconnect to, automatically.
Luckily, attacks that require the malicious actor to be physically present at the location aren’t common, but that doesn’t mean that they can’t happen. For example, Australia’s Federal Police (AFP) charged one of its citizens over an alleged evil twin attack on multiple domestic flights and airports in June 2024. His seized devices allegedly contained dozens of stolen personal credentials. Other times, it can be a state-sponsored operation such as the plot of a UK-based spy ring, as described by a prosecutor during a recent trial. The spy ring, among other things, also operated in Germany, where its members allegedly used an International Mobile Subscriber Identity Catcher or IMSI catcher to intercept mobile phone traffic from a military base where Ukrainian soldiers were training. |
Other threats
As you can see, connecting and reconnecting to publicly available Wi-Fi networks can pose a danger. And the list of possible threats doesn’t end with rogue hotspots:
Man-In-The-Middle (MITM) attack — In such attacks, cybercriminals intercept communications between a device and the Wi-Fi network, allowing them to access sensitive unencrypted information like passwords, credit card numbers, and personal messages.
Exploitation of vulnerabilities — Cybercriminals can exploit vulnerabilities in less-secure public networks, or vulnerabilities of a targeted mobile device (especially if it doesn’t have updated software), to distribute malware to connected devices. This malware can then be used to steal data, monitor users’ activities, or even take control of users’ devices.
Packet Sniffing — Public Wi-Fi networks often lack proper encryption, making it easier for hackers to eavesdrop on users’ online activities.
How to stay safe
Obviously, the basic security recommendation for Wi-Fi users is to disable automatic connections to Wi-Fi networks, and not use free publicly accessible Wi-Fi networks at all. If this is not possible for any reason, here are a few more tips:
Use a Virtual Private Network (VPN) —VPN creates a secure and encrypted connection between a user’s device and the internet.
Do not share sensitive data — Avoid websites and applications requesting sensitive information such as online banking or shopping sites while on public Wi-Fi.
Stay on top of updates — Keep your software and apps updated. Regular updates often include security patches that protect against known vulnerabilities.
ESET Mobile Security
When it comes to cybersecurity, ESET goes far beyond just simple antivirus — and this also applies to smartphones and mobile devices. ESET Mobile Security is built around the ESET prevention-first approach, stopping attacks before they can do any harm. This goal can be met by securing cybercriminals’ most common points of entry to devices while keeping the security solution simple to use.
ESET Mobile Security is well-prepared for attacks coming from malicious websites, thanks to multilayered protection against phishing, smishing, and scams. For example, Anti-Phishing enhanced by Link Scanner protects users against malicious websites, and Payment Protection delivers a new layer of security for sensitive payment and financial applications.
And the best part? The premium version of ESET Mobile Security utilizing all these features and more is 50% off between March 3 and March 9, 2025!
Enjoy technology with peace of mind
Most would agree that people love comfort, and, in fact, the entire technology industry is driven by users pursuing faster, easier, and more user-friendly solutions for their daily activities. And there is nothing bad about living in the lap of technological luxury; but don’t ignore the threats out there.
Luckily, with a pinch of cybersecurity awareness and a reputable security solution installed on your Android smartphone, you should be fine. Wi-Fi network attacks are well-known, and acclaimed cybersecurity companies such as ESET taking advantage of more than 30 years of experience have you covered.