TL;DR
SSID spoofing is a common way attackers try to intercept your data on public Wi-Fi. This guide shows you how to recognise and avoid these attacks, keeping your information safe.
How to Avoid Being MITM’d by an SSID-Spoofing Device
- Understand the Threat: What is SSID Spoofing?
- Attackers create a fake Wi-Fi network with a name (SSID) that looks legitimate – like your usual coffee shop’s Wi-Fi.
- When you connect to this fake network, all your internet traffic passes through the attacker’s device before going to the real internet. This allows them to steal passwords, banking details, and other sensitive information.
- Verify Network Names
- Always confirm the correct network name with staff: Don’t just assume! Ask a member of staff at the coffee shop, library or hotel what the official Wi-Fi SSID is.
- Be wary of similar names: Attackers often use names that are very close to legitimate ones (e.g., “CoffeeShop WiFi” vs. “Coffee Shop Wifi”).
- Look for HTTPS and the Padlock Icon
- HTTPS encrypts your data: Always make sure websites you visit use
https://in the address bar, not justhttp://. A padlock icon should also be visible. This doesn’t *prevent* a MITM attack but makes it harder for attackers to read your information if they intercept it. - Check certificate details: Click on the padlock icon and examine the website’s security certificate. Look for valid dates and that the certificate is issued to the correct organisation.
- HTTPS encrypts your data: Always make sure websites you visit use
- Disable Auto-Connect to Wi-Fi Networks
- Your device automatically connecting can be dangerous. Turn off auto-join on your phone, laptop or tablet.
Windows: Settings > Network & Internet > Wi-Fi > Manage known networks. Uncheck ‘Connect automatically’ for each network.
macOS: System Preferences > Network > Wi-Fi > Advanced… > Check ‘Ask to join new networks’.
Android: Settings > Connections > Wi-Fi > Wi-Fi preferences > Turn off ‘Connect automatically’ or similar option.
iOS/iPadOS: Settings > Wi-Fi > Toggle off ‘Auto-Join’.
- Your device automatically connecting can be dangerous. Turn off auto-join on your phone, laptop or tablet.
- Use a Virtual Private Network (VPN)
- A VPN creates an encrypted tunnel for your internet traffic, protecting it even on unsecured networks. This is the most effective way to prevent MITM attacks.
Choose a reputable VPN provider and install their app.
- A VPN creates an encrypted tunnel for your internet traffic, protecting it even on unsecured networks. This is the most effective way to prevent MITM attacks.
- Be Careful What You Share
- Avoid entering sensitive information (passwords, credit card details) on public Wi-Fi whenever possible. If you must, ensure the website uses HTTPS and consider using a VPN.
- Check for Rogue Access Points with Network Scanning Tools (Advanced)
- Tools like
netdiscover(Linux) can help identify all devices on a network, including rogue access points.sudo netdiscover -i wlan0This requires some technical knowledge to interpret the results.
- Tools like