Wi-Fi Pineapple

Summary

INTRODUCTION

Picture this. You sit down and open your Wi-Fi settings to select your familiar network. Reading the list quickly, you see a network with the same name as your known network. You select that network and continue your work as usual. What you didn’t know was that an attacker had set up a rogue access point (rogue AP) using a Wi-Fi Pineapple and now can see all of your activity without your realizing.

This information is provided for general awareness and defense purposes only. This information also is not intended to be a complete description of the functionality or risks of the identified tools.

WHAT IS THE WI-FI PINEAPPLE?

The Hak5 Wi-Fi Pineapple was designed as a pen test tool but has also been used in a wide range of hacking situations. While the Pineapple was developed to be a wireless auditing suite, it has also been commonly used to create a rogue access point in order to carry out a man-in-the-middle (MitM)/Evil Twin attack.

HOW DOES IT WORK?

The Wi-Fi Pineapple sits between the target device and the known, legitimate network. In this position, the Pineapple can listen to all the data being transmitted between the device and the network. Relatively easy to set up straight out of the box, the Pineapple allows an attacker to quickly clone the capabilities of the trusted access point, thus establishing its Evil Twin status.

CTO Dr. Brett Walkenhorst describes the Wi-Fi Pineapple

HOW CAN I UNCOVER A WI-FI PINEAPPLE?

Upon first glance, you may not be able to tell that you have a malicious Evil Twin in your environment. The sophistication of these devices comes in their ability to spoof known networks and replicate their SSIDs and MAC addresses. However, with a robust Wireless Intrusion Detection System, like Bastille, you will be able to identify all wireless devices in your space, thus alerting you to the presence of any anomalous devices like a Wi-Fi Pineapple.

WHAT CAN I DO TO DEFEND AGAINST THIS THREAT?

Bastille recommends a few security best practices for this type of threat:

Be Wary of Public Networks: If possible, avoid connecting to public networks. Public networks have low security compared to a protected personal or enterprise network which makes it easy for an attacker to mimic the network’s SSID, similar to the attack type detailed above.

Use a VPN: If you must connect to a public network, consider using a VPN to give yourself an added layer of security.

Update and Enforce Your Security Policy: Establish and educate upon a corporate policy for all employees regarding these types of devices to help keep your space secure

Stay Up to Date: The landscape of wireless security is constantly evolving. In order to defend against these threats, you need to know what’s out there. Check out our recent webinar on Wi-Fi Vulnerabilities in which CTO Dr. Brett Walkenhorst dives into the Wi-Fi protocol, the Wi-Fi Pineapple, and other related hacker devices.

Video Transcript

A pineapple, is a WiFi device that is a pen test tool that enables evil twin attacks. It's relatively straightforward out of the box to set these up, you can clone capabilities of access points. You can set up different forms of attack to instantiate an evil twin. These have been used.

In a drone mounted configuration to attack corporate WiFi networks. That's an interesting delivery mechanism. So so these are are nice little devices that just over a hundred bucks and you can set up an evil twin. This is not the only way to do it, by the way. You can view really cheap devices on the orders of like ten or twenty bucks.

To set up a a WiFi network interface card that is dedicated to this and you can run all kinds of software to do this. The pineapple just gives you a nice simple way of implementing the evil twin attack.