Disable Auto-Join Wi-Fi
Evil Twin hotspots wait for your phone to auto-connect. Stay in manual mode.
The Evil Twin Attack
Your phone remembers every Wi-Fi network you've ever connected to. When it sees a network with a matching name (SSID), it connects automatically.
An "Evil Twin" attack is when someone sets up a fake hotspot with the same name as a real one — "Starbucks Wi-Fi", "Airport_Free_WiFi", "xfinitywifi" — and waits for devices to auto-join. Once connected, all your traffic routes through the attacker's machine.
The attacker can see unencrypted traffic, inject ads or malware into HTTP pages, and attempt SSL stripping to downgrade HTTPS connections to HTTP. Most users never notice.
Who Does This?
This isn't theoretical. Evil Twin attacks are a common technique for:
- Credential harvesting at conferences and airports
- Corporate espionage targeting traveling employees
- Targeted attacks on individuals at known locations
The equipment needed? A $30 USB Wi-Fi adapter and free software. This is beginner-level hacking.
How to Protect Yourself
On iPhone:
- Settings → Wi-Fi → tap the (i) next to each saved network → toggle off "Auto-Join"
- Settings → Wi-Fi → Ask to Join Networks → set to "Ask" instead of "Automatic"
On Android:
- Settings → Network & Internet → Wi-Fi → Saved Networks → remove networks you don't use
For everyone:
- Use a VPN on public Wi-Fi — even if you do get MITM'd, the attacker sees only encrypted VPN traffic
- Forget networks you don't regularly use
- Use your phone's mobile hotspot instead of public Wi-Fi for anything sensitive
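An added example (not part of the original article): a simplified Python model of name-based auto-join, used to audit a saved-network list and a nearby scan. The profile fields, function names and all sample data are assumptions constructed for illustration; phones store this information differently.

```python
# Simplified model of SSID-based auto-join, for auditing saved networks.
# Assumption: a profile is reduced to (name, security type, auto-join flag).
from dataclasses import dataclass

@dataclass(frozen=True)
class SavedNetwork:
    ssid: str
    security: str   # e.g. "open", "wpa2-psk"
    auto_join: bool

@dataclass(frozen=True)
class SeenAP:
    ssid: str
    bssid: str
    security: str

def audit_saved(saved):
    """SSIDs of profiles that any access point with a matching name satisfies:
    open (no credential to verify) and auto-join still enabled."""
    return sorted(n.ssid for n in saved if n.auto_join and n.security == "open")

def review_scan(saved, scan):
    """(ssid, bssid, finding) for each visible AP whose name matches a saved profile."""
    by_ssid = {n.ssid: n for n in saved}
    findings = []
    for ap in scan:
        prof = by_ssid.get(ap.ssid)
        if prof is None:
            continue  # name was never saved, so it is never auto-joined
        if ap.security != prof.security:
            # Same name, different security type than the one saved: suspicious.
            findings.append((ap.ssid, ap.bssid, "security-mismatch"))
        elif prof.auto_join and prof.security == "open":
            findings.append((ap.ssid, ap.bssid, "would-auto-join-unverified"))
    return findings

# Constructed sample data.
SAVED = [SavedNetwork("Airport_Free_WiFi", "open", True),
         SavedNetwork("xfinitywifi", "open", False),
         SavedNetwork("HomeNet", "wpa2-psk", True)]
SCAN = [SeenAP("Airport_Free_WiFi", "02:00:00:00:00:01", "open"),
        SeenAP("HomeNet", "02:00:00:00:00:02", "open"),
        SeenAP("CafeGuest", "02:00:00:00:00:03", "open")]

if __name__ == "__main__":
    print("Forget or set to manual:", audit_saved(SAVED))
    for finding in review_scan(SAVED, SCAN):
        print(finding)
```
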
The Bigger Picture
Auto-join is a convenience feature with a real security cost. Your phone silently hands your traffic to anyone who can guess a network name you've connected to before. Manual Wi-Fi selection adds two seconds of friction and eliminates an entire attack surface.
Turn off auto-join. Connect intentionally.