INTRODUCTION
Picture this. You sit down and open your Wi-Fi settings to select your familiar network. Reading the list quickly, you see a network with the same name as your known network. You select that network and continue your work as usual. What you didn’t know was that an attacker had set up a rogue access point (rogue AP) using a Wi-Fi Pineapple and now can see all of your activity without your realizing.
This information is provided for general awareness and defense purposes only. This information also is not intended to be a complete description of the functionality or risks of the identified tools.
WHAT IS THE WI-FI PINEAPPLE?
The Hak5 Wi-Fi Pineapple was designed as a pen test tool but has also been used in a wide range of hacking situations. While the Pineapple was developed to be a wireless auditing suite, it has also been commonly used to create a rogue access point in order to carry out a man-in-the-middle (MitM)/Evil Twin attack.
HOW DOES IT WORK?
The Wi-Fi Pineapple sits between the target device and the known, legitimate network. In this position, the Pineapple can listen to all the data being transmitted between the device and the network. Relatively easy to set up straight out of the box, the Pineapple allows an attacker to quickly clone the capabilities of the trusted access point, thus establishing its Evil Twin status.
CTO Dr. Brett Walkenhorst describes the Wi-Fi Pineapple
HOW CAN I UNCOVER A WI-FI PINEAPPLE?
Upon first glance, you may not be able to tell that you have a malicious Evil Twin in your environment. The sophistication of these devices comes in their ability to spoof known networks and replicate their SSIDs and MAC addresses. However, with a robust Wireless Intrusion Detection System, like Bastille, you will be able to identify all wireless devices in your space, thus alerting you to the presence of any anomalous devices like a Wi-Fi Pineapple.
WHAT CAN I DO TO DEFEND AGAINST THIS THREAT?
Bastille recommends a few security best practices for this type of threat:
Be Wary of Public Networks: If possible, avoid connecting to public networks. Public networks have low security compared to a protected personal or enterprise network which makes it easy for an attacker to mimic the network’s SSID, similar to the attack type detailed above.
Use a VPN: If you must connect to a public network, consider using a VPN to give yourself an added layer of security.
Update and Enforce Your Security Policy: Establish and educate upon a corporate policy for all employees regarding these types of devices to help keep your space secure
Stay Up to Date: The landscape of wireless security is constantly evolving. In order to defend against these threats, you need to know what’s out there. Check out our recent webinar on Wi-Fi Vulnerabilities in which CTO Dr. Brett Walkenhorst dives into the Wi-Fi protocol, the Wi-Fi Pineapple, and other related hacker devices.