ROGUE WI-FI HOTSPOTS (E.G. WI-FI PINEAPPLES)

Summary

Rogue Wi-Fi Hotspot and rogue Wi-Fi access points (including Wi-Fi Pineapples) can impersonate legitimate Wi-Fi networks, and can be used for Man-In-The-Middle attacks to sniff network traffic and steal credentials. Can someone in your building by-pass all your Wireless Intrusion Detection Systems by opening a Wi-Fi hotspot which detours your data around your expensive Wi-Fi anomaly detection?

To learn more about finding rogue Wi-Fi hotspots operating in your environment read our Bastille data sheets or request a Bastille demo.

Video Transcript

Hello, my name is Bart Seamer, and I'm the Director of Vulnerability Research at Bastille. I'd like to talk to you about rogue Wi Fi hotspots. These are rogue access points that use Wi Fi that impersonate legitimate access points that may be installed in your corporate infrastructure. The goal there is for an attacker to have a rogue access point come up, look like a legitimate legitimate one, and then have your victims actually associate with that thinking that it is a legitimate access point.

Once you have this rogue access point set up, you can then man in the middle attack all the data actually flowing through that access point. So you will then be privy to all of the data that is being sent from your victim's machines through the access point onto the existing corporate network or maybe out onto the Internet.

That allows you to scavenge and scrape for sensitive information such as passwords, usernames, credit card information, and so on. And it's actually very easy nowadays to create a rogue exit point by purchasing particular devices. One popular one is the Pineapple, and that comes with a complete software stack and multiple Wi Fi interfaces, allows you to deploy it somewhere in a compact form factor, and then collect this sort of information.

With the the Bastille solution, you can actually detect these new access points coming up and then look for particular signatures that will reveal that these access points are actually rogue and not legitimate. Thanks very much for listening. If you'd like to learn more, please visit our website.