How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself) [source:motherboard]

22 Nov 2017

No Comments

1657

In popular media, hackers are often portrayed as an elite cabal of ski mask aficionados and computer experts that can keyboard mash their way into any digital device. But what if I told you that you can also pwn almost any internet connected device around you, even if you can’t tell an SSL from an SSID?

Yes, my friend, the device you are looking for is a Wi-Fi Pineapple, which can turn anyone from hack to hacker for the low, low price of $99. Since it is so cheap and easy to use, it’s important to understand how the Pineapple works in order to protect yourself against its attacks.

The Pineapple is a nifty little device first released in 2008 by Hak5, a company that develops tools for penetration testers, or “pentesters.” Pentesters are usually hired by organizations to attack their own networks in order to expose vulnerabilities before they are discovered by some bad actors. The Pineapple allows pentesters to easily execute sophisticated attacks on public Wi-Fi networks to see how the attacks work and how to protect the network from those attacks.

Pineapples aren’t much different than the normal Wi-Fi access points you use to get internet at home or in the office, just more powerful. They use multiple radios rather than just a single radio found in most routers. This means a Pineapple is able to interface with hundreds of devices at a time, rather than just a few dozen. Moreover, the Pineapple’s web interface is optimized to execute complicated network attacks.

“When I invented the Wi-Fi Pineapple, I saw that Wi-Fi had inherent flaws that made it vulnerable to spoofing attacks,” Darren Kitchen, the founder of Hak5, told me in an email. A spoofing attack is when a hacker impersonates a service or device in order to gain access to a victim’s data.

“A lot of nefarious types had already taken advantage of these weaknesses, but the majority of people weren’t aware of the problem,” Kitchen added. “I figured if information security people had access to a device that could easily exploit these flaws, it would raise awareness and get things fixed.”

For more, click here.