In popular media, hackers are often portrayed as an elite cabal of ski mask aficionados and computer experts that can keyboard mash their way into any digital device. But what if I told you that you can also pwn almost any internet connected device around you, even if you can’t tell an SSL from an SSID?
“When I invented the Wi-Fi Pineapple, I saw that Wi-Fi had inherent flaws that made it vulnerable to spoofing attacks,” Darren Kitchen, the founder of Hak5, told me in an email. A spoofing attack is when a hacker impersonates a service or device in order to gain access to a victim’s data.
This guide is meant to be an informational glimpse into the world of network pentesting, as well as a reminder about the importance of personal information security. After showing you just a few of the ways a Pineapple can be used to pwn you, I’ll also walk you through some simple steps you can take to make sure you’re never on the wrong end of a malicious Pineapple attack.Hak5 makes a few different versions of the Pineapple, but while putting together this article I used its cheapest model, which I bought at the DEF CON hacking conference for the purposes of this article: the Pineapple Nano. I configured it on a Windows computer, although it’s also compatible with iOS and Linux systems.
Read More: The Motherboard Guide to Not Getting Hacked
EXPLOIT #1: WALL OF SHEEP
All of the exploits for the Pineapple are freely available as downloadable modules on the Pineapple’s dashboard and usually only take a single-click to download and install on the device. Once the Wall of Sheep module (called ‘DWall’) is installed on a Pineapple, any device that connects to it will basically be broadcasting their browsing traffic to the owner of the Pineapple.The exception to this, of course, is if the would-be victim is using a Virtual Private Network (VPN) to encrypt their web traffic or only visiting pages secured by Secure Hypertext Transfer Protocol (HTTPS). This protocol encrypts the data being routed between the website’s server and your device and effectively prevents eavesdroppers from seeing which websites you’re visiting. HTTPS also helps protect your web habits from your internet service provider, which can only see the top level domain habits of its users (for instance, that you visited Motherboard, but not that you clicked on this article).Although over half the web has switched to HTTPS from its insecure predecessor, HTTP, a 2017 Google audit found that nearly 80 percent of the top 100 websites don’t deploy HTTPS by default. This means that anyone who inadvertently connects to a Pineapple and then browses to an HTTP version of the site is basically exposing all of their activity on that site, from pages visited to search terms, to the person wielding a Pineapple.
EXPLOIT #2: MAN-IN-THE-MIDDLE + EVIL PORTAL
So how does a Pineapple trick your device into think it is a legitimate access point? There is a native feature on the Pineapple that scans for service set identifiers (SSID)—the names of Wi-Fi networks—that are being broadcast from devices in its vicinity.Any time you connect to a Wi-Fi network on your phone or computer, your device saves that Wi-Fi network’s SSID in case you ever need to connect to that Wi-Fi network in the future. But this convenience comes with a major cost.
Pineapples are able to take advantage of this feature by scanning for all the SSIDs being broadcast by devices in its vicinity. It then rebroadcasts these SSIDs so that it can trick devices into thinking it is an access point that has been connected to in the past. So to use the above example, the Pineapple will see that your phone is asking, “Is this network ‘Human_Bean_wifi’?” and then start broadcasting its own signal that says “Yes, I am ‘Human_Bean_wifi’, connect to me.”Put another way, this would basically be like walking around with a set of keys to your house and asking every stranger you meet if they are your roommate. In most cases, those strangers will say “no,” but you also run the risk of running into an ill-intentioned stranger who will lie to you and say “yes, of course I am your roommate. Please let me in,” and then proceed to steal all your stuff.
"A quick reality check is usually all it takes to see if you've been duped by a Wi-Fi Pineapple."
But getting devices to connect to a Pineapple is only half of executing a MITM exploit. An attacker also must be able to read the data being routed from the device through the Pineapple. There are a couple of ways to do this.
Read More: The Motherboard Guide to VPNs