A 42-year-old man fronted a Perth Magistrates Court last week after Australian Federal Police accused him of creating what was known as an “evil twin” Wi-Fi network.

But, Texas-based Zimperium — which protects the mobile devices of US troops and has built a “mobile threat defence” shield at a data centre in Canberra — said the AFP’s action has only scratched the surface.

The company showed data to The Australian which revealed hundreds of attacks were happening each day at not only capital city airports but also in major regional centres like Cairns and Alice Springs.

Zimperium regional sales manager Simon Scaife said in some cases the company was detecting Wi-Fi networks posing as well-known airline lounges in the middle of capital cities, far away from an airport.

Mr Scaife said criminals were exploiting a common feature on smartphones, which record every Wi-Fi network a user signs onto. The phone then searches for the network to automatically connect to it again.

“So if you’ve been at the Qantas Club and you’ve used their free Wi-Fi a year ago you go back in tomorrow, bang, you want to connect and you’re online. Same with Starbucks, same with your friend’s Wi-Fi, their Telstra modem. It’s a great feature for seamless connectivity. It means no passwords or whatever,” Mr Scaife said.

“But if someone spoofs that and emulates the same SSID then you know it’s dangerous because your phone says ‘I know you, let’s chat, we can communicate’. (A hacker can) then can intercept your traffic, downgrade the transport layer security and look at a banking session, your email, your communication with work or personal networks.”

The devices cyber criminals use to create networks are a type of router bought online easily, selling for about $20 on eBay, and can fit in a pocket or a backpack.

Mr Scaife said cyber criminals were also able to gain access to someone’s corporate phone to infiltrate a company’s network, creating an entry point for Medibank-style cyber attacks.

“There’s dedicated malware in the industry that is built pretty much on attacking corporations, so the interest isn’t always the individual.”

He said a user didn’t even have to be on a corporate network for a cyber criminal to gain illegal access. “If they’ve got a login to a Microsoft system, they look at how they can capture those corporate credentials and get the multifactor tokens to that corporate account. That’s how data breaches happen.”

Mr Scaife said hotels — even big chains like Marriot and IHG — were vulnerable to such attacks.

“Rogue Wi-Fi is very common in hotels. A lot of hotels outsource their IT to the lowest bidder and they’ll set up a very cheap Wi-Fi network that may be fast and cheaper but not good from a security point of view.”

The AFP charged a 42-year-old West Australian man in May after launching an investigation in April, 2024, when an airline reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.

Analysis by the AFP’s Western Command cybercrime operations team of data and devices seized from the man has allegedly identified dozens of personal credentials belonging to other people, as well as fraudulent Wi-Fi pages.

AFP Western Command Cybercrime detective inspector Andrea Coleman said the case was a timely warning to be cautious about logging on to any public Wi-Fi networks.

“To connect to a free Wi-Fi network, you shouldn’t have to enter any personal details — such as logging in through an email or social media account,” she said.

“If you do want to use public Wi-Fi hotspots, install a reputable virtual private network (VPN) on your devices to encrypt and secure your data when using the internet.

“When using a public network, disable file sharing, don’t do anything sensitive — such as banking — while connected to it and once you finish using it, change your device settings to ‘forget network’.”

Mr Scaife said on iPhones, people could also tap the edit button in the top right corner of the screen in Wi-Fi settings where they can view networks they’ve accessed and delete them to prevent the phone from automatically trying to connect to them.

Zimperium has also successfully completed the Australian federal government Information Security Registered Assessors Program (IRAP) assessment. This will allow it to sign on commonwealth departments and agencies, which require a minimum of Protected-level classification.

Zimperium chief executive Shridhar Mittal said the IRAP complemented the Mobile Threat Defence (MTD) shiefl the company built in Canberra.

“The success of achieving protected level for sovereign hosted MTD in Australia cannot be underestimated,” Mr Mittal said.

“The emergence of new mobile cyber mercenaries, mobile spyware developers, and the rapid proliferation of mobile malware targeting Australians has prompted our investment into this capability. With this capability we can assist Australian sovereign governments, departments, and infrastructure in protecting their data.”

More Coverage

Scams are a ‘plague’: NAB boss

Angelica Snowden, Cliona O’Dowd

ASIC says its hands were tied on scams

David Murray, David Ross

Originally published as Hackers target Aussie airport Wi-Fi networks with $20 device, mobile security firm Zimperium says