Pinterest Stumbleupon Whatsapp
Advertisement

The pineapple is one of the most contentious fruits around. It’s inclusion on pizza is either a culinary delight or a disgrace depending on your point of view. Now though there is another type of pineapple that may be able to compromise your security.

The Wi-Fi Pineapple is a device that more closely resembles a Wi-Fi Access Point than its namesake. The pocket-sized device was created for penetration testing, but can be re-purposed to perform malicious man-in-the-middle attacks. If a hacker unleashes the Wi-Fi Pineapple in a public place, even after taking steps to secure yourself, you could still be vulnerable.

What Is a Wi-Fi Pineapple?

The Wi-Fi Pineapple is a piece of hardware that was originally created for network penetration testing. Pen testing is an authorized attack of a system in order to find vulnerabilities. The practise is part of a larger branch of testing known as Ethical Hacking.

wi-fi pineapple

Traditional pen testing often requires the use of specialized software and operating systems like Kali Linux. However, the Wi-Fi Pineapple cuts down on the technical expertise needed to perform the tests. In fact, it is one of the most consumer-friendly testing devices. Packaged within one device and equipped with an attractive and easy-to-use UI, it simplifies the process enormously. It even has a companion app for Android that allows you to download the latest updates and perform the device setup.

The Pineapple acts as a hotspot honeypot to get unsuspecting users to connect to the device. Have you ever noticed that when you’ve left your phone’s Wi-Fi turned on, when you get home it automatically connects to your home network? The Pineapple exploits this autoconnect feature to trick devices into connecting. By using a network SSID that your phone recognizes, it intercepts the automatic connection as a man-in-the-middle attack.

Often the Pineapple is connected to the true Wi-Fi network so that you still get an internet connection and remain unaware. However, it can even be used to spoof Wi-Fi networks that the tester doesn’t have access to. This is done by using the target network SSID, and then using a USB modem or tethering to connect the Pineapple to the internet.

A Word About Man-in-the-Middle Attacks

A man-in-the-middle attack What Is A Man-In-The-Middle Attack? Security Jargon Explained What Is A Man-In-The-Middle Attack? Security Jargon Explained Read More is when a malicious attacker inserts themselves between you and the internet. They are frequently compared to the eavesdropping attacks that were common place in a pre-digital era. A MITM attack is like someone listening into your communications with other websites. You may think that if you have nothing to hide then this is fairly harmless. However, they can be far more damaging than you imagine.

By sitting in between your connection, the attacker can view all the data that you intend to send over the internet. This can be especially dangerous if you intend to do online shopping or banking. If the website isn’t using HTTPS then all your data is unencrypted and viewable to the attacker. Even if the site is using HTTPS, the attacker could spoof the real website, offering you a fake one to collect your data. Or they could use a tool like SSLStrip to remove the HTTPS encryption.

A Controversial Fruit

The Wi-Fi Pineapple is particularly controversial as it puts some potentially very dangerous hacking techniques into the hands of potentially unskilled hackers. By making the device so easy to use, it makes it accessible to a larger group of malicious attackers. It is relatively inexpensive too at less than $100 for the Nano Basic. The device is easily available through the Hak5 website with worldwide shipping. You could even buy it on Amazon for a time, albeit at an inflated price.

wi-fi pineapple nano

Kent Lawson at Private WiFi labelled the Pineapple a “toy that has no legitimate use.” However, Hak5’s Darren Kitchen denies this is the case. He says that he sells the device mostly to governments and pen-testers. He also claims that the reason he developed the device was to raise awareness of Wi-Fi exploits and MITM attacks.

One of the potential uses for the Wi-Fi Pineapple is to use MITM to perform phishing attacks. By passing all your data through the Pineapple it is left vulnerable to theft and abuse. This includes passwords, emails, and any other confidential information. The attacker may not even be in the area as the Pineapple can be controlled remotely over the internet.

wi-fi pineapple software

Although the Pineapple only accepts probes for the current Wi-Fi network, it is possible to force any device to connect. By modifying the hostapd binary, the device can be told to accept probes even for your home Wi-Fi network. This means that if you have any saved Wi-Fi networks, you are going to get drawn into the honeypot.

How to Protect Yourself

The Wi-Fi Pineapple makes for an almost invisible MITM attacker. You may think that this would make it almost impossible to protect yourself. However, there are a few ways to evade its sticky trap. Your first line of defence against should be to always use a VPN 6 Logless VPNs That Take Your Privacy Seriously 6 Logless VPNs That Take Your Privacy Seriously In an age where every online movement is tracked and logged, a VPN seems a logical choice. We've taken a look at six VPNs that take your anonymity seriously. Read More when using public Wi-Fi 3 Dangers Of Logging On To Public Wi-Fi 3 Dangers Of Logging On To Public Wi-Fi You've heard that you shouldn't open PayPal, your bank account and possibly even your email while using public WiFi. But what are the actual risks? Read More . By encrypting all your traffic with the VPN, you evade the Wi-Fi Pineapple’s data collection. Of course, there are many other good reasons you should be using a VPN 10 Reasons Why You Should Be Using a VPN 10 Reasons Why You Should Be Using a VPN Virtual Private Networks are affordable and easy to use. Along with a firewall and antivirus/anti-malware solution, here is exactly why you should have a VPN installed. Read More  too. To avoid the known network exploit, make sure you turn Wi-Fi off when you aren’t using it. This also prevents advertisers and other companies tracking you around the world How Wi-Fi Can Track You Around the World How Wi-Fi Can Track You Around the World When online, we leak more information than we mean to, often thanks to Wi-Fi. In fact, it can even be used to track you wherever you are around the world. Read More .

The hacker may try to use phishing attacks 4 General Methods You Can Use To Detect Phishing Attacks 4 General Methods You Can Use To Detect Phishing Attacks A "phish" is a term for a scam website that tries to look like a site that you know might well and visit often. The act of all these sites trying to steal your account... Read More to trick you into handing over confidential data.You can beat this attack by staying alert and checking for HTTPS HTTPS Everywhere: Use HTTPS Instead of HTTP When Possible HTTPS Everywhere: Use HTTPS Instead of HTTP When Possible Read More . Just as important is to not ignore website certificate warnings What Is a Website Security Certificate and Why Should You Care? What Is a Website Security Certificate and Why Should You Care? Read More as they are a sign that something is amiss. Supposing you do connect to a public Wi-Fi network without a VPN, avoid using sensitive websites like online stores or banking Is Online Banking Secure? 5 Risks That Should Worry You Is Online Banking Secure? 5 Risks That Should Worry You There's a lot to like about online banking. It's convenient, can simplify your life, you might even get better savings rates. But is online banking as safe and secure as it should be? Read More . If you tend to work remotely or travel frequently it may also be worth investing in your own mobile hotspot The 7 Best Portable Mobile Wi-Fi Hotspots of 2016 The 7 Best Portable Mobile Wi-Fi Hotspots of 2016 If you spend more time away from home than at home, you'd be surprised by how useful a portable Wi-Fi hotspot is. It lets you take the internet with you everywhere you go. Read More .

Wi-Fi Pineapple Pizza

Your view of the Wi-Fi Pineapple will likely be colored by what side of the debate you sit on. It’s usefulness as an ethical hacking tool may outweigh its possible nefarious use. However, that doesn’t mean that you shouldn’t take steps to protect yourself.

Seeing someone sitting in a coffee shop with networking hardware would clearly raise some eyebrows. Unfortunately the hacker may not be that unsubtle. You can minimize your risk by making sure you use a VPN, especially on Wi-Fi networks. Staying alert to certificate warnings, or suspicious looking websites can also help you secure your data.

Had you heard of the Wi-Fi Pineapple before? Have you seen one in person? Ever been a victim of a MITM attack? Let us know in the comments below!

Image Credits: Foxy burrow/Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *