For convenience, wireless devices like laptops, tablets, and smartphones contain software that automatically connects to networks they remember. That feature is also an easy-to-exploit vulnerability.
When a wireless device is turned on, it sends out probe requests, searching for familiar networks to connect to.
“This convenient feature is what gets you online without effort when you turn on your computer at home, or the office or coffee shops or airports that you’ve been to before. That feature is also a vulnerability,” says Darren Kitchen of San Francisco-based technology group Hak5.
Hak5 are the creators of the WiFi Pineapple, a device that allows hackers to access data from wireless devices by exploiting that vulnerability.
“Laptops are constantly looking for networks they remember. ‘Hey, I’m looking for my Linksys, or I’m looking for my Netgear, or I’m looking for my corporate network,’” explains Kitchen. “The pineapple replies and says ‘Yes, I am your corporate network.’”
In 802.11, there is no mechanism built in to the protocol for verifying that the SSID is the same SSID that you’ve connected to before, Kitchen says.
It’s essentially a WiFi honey-pot. “It’s super simple. You just turn it on and it connects back to you and it does ‘the thing’”: secretly gathering Web data, including passwords, and data that a device is sending and receiving, using software called Jasager, German for “The yes man.”
Pineapples are the easiest way to become the man-in-the-middle when it comes to WiFi, Kitchen said. “You’re not trying to get on the network and place yourself between the router and them, because you are the router.”
Hak5 has developed several pineapple devices in the past, but revealed its latest model at the Shmoocon Hacker conference in Washington, D.C., on Friday.
The WiFi Pineapple Mark IV doubles the processing power, doubles the RAM, adds a second Ethernet port, improves the battery, and adds a USB port that allows hackers to give it broadband connectivity and remote access. With a 10-hour battery, the Mark IV is a self-contained system that could be left in a location to collect data and retrieve it later for analysis. The Mark IV sells for $100.
“As long as the right person can get into the building, hide it under a desk or plug it into a wall, it will connect back to your red team where they can actually do the penetration test there,” Kitchen said.
Companies and individuals can protect against pineapple devices, but doing so takes away the convenience that comes with automatically connecting, Kitchen says.
One way is to check the SSID or hardware ID on the router or network you’re trying to connect to. If a device is showing that it can connect to a home network or corporate network away from home, there may be a pineapple around.
“One of the things that I do on my own machines to see if there might be a pineapple in the area is manually add a network to my operating system and name it 'Pineapple Alert,' so my laptop is constantly probing looking for a network named Pineapple Alert. If there’s a pineapple around it will say, ‘Oh yeah, I’m around.’ And then, I’ll just turn off WiFi,” Kitchen said.
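The two checks described above (a familiar SSID behind an unfamiliar hardware ID, and an answer for the “Pineapple Alert” decoy) applied to Wi-Fi scan results, as an added example that is not from the article or from Hak5. It also flags one BSSID advertising several SSIDs, a generalization of the “yes man” behaviour; the allow-list, the threshold and the sample scans are assumptions constructed for illustration.

```python
from collections import defaultdict

CANARY_SSID = "Pineapple Alert"  # decoy name from the article; no real AP should use it
# Hypothetical allow-list: remembered SSID -> BSSIDs (hardware IDs) verified on site.
KNOWN_BSSIDS = {
    "CorpNet": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
    "HomeLinksys": {"66:77:88:99:aa:bb"},
}
MAX_SSIDS_PER_BSSID = 2  # assumed threshold for "one radio, too many network names"


def find_rogue_ap_signs(scan, known=KNOWN_BSSIDS, canary=CANARY_SSID):
    """Return sorted (reason, ssid, bssid) findings for (ssid, bssid) scan rows."""
    findings = set()
    ssids_by_bssid = defaultdict(set)
    for ssid, bssid in scan:
        bssid = bssid.lower()  # scanners differ in hex case
        ssids_by_bssid[bssid].add(ssid)
        if ssid == canary:
            # Something answered for a network that does not exist.
            findings.add(("canary-answered", ssid, bssid))
        elif ssid in known and bssid not in known[ssid]:
            # Familiar name, unfamiliar hardware ID.
            findings.add(("unknown-bssid", ssid, bssid))
    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) > MAX_SSIDS_PER_BSSID:
            # One radio claiming to be many networks.
            findings.add(("many-ssids", ",".join(sorted(ssids)), bssid))
    return sorted(findings)


# Constructed sample scans (not captured data).
OFFICE_SCAN = [("CorpNet", "00:11:22:33:44:55"), ("GuestWifi", "de:ad:be:ef:00:01")]
AIRPORT_SCAN = [
    ("CorpNet", "02:00:00:00:00:01"),
    ("HomeLinksys", "02:00:00:00:00:01"),
    ("Pineapple Alert", "02:00:00:00:00:01"),
    ("AirportFree", "0a:0b:0c:0d:0e:0f"),
]

if __name__ == "__main__":
    for name, scan in (("office", OFFICE_SCAN), ("airport", AIRPORT_SCAN)):
        print(name, find_rogue_ap_signs(scan) or "nothing suspicious")
```

The decoy check only fires if the client still sends directed probes for the decoy name, which is an assumption about the operating system's Wi-Fi behaviour.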
Security consultants have in the past said that pineapples have no legitimate use. "Previously, the hackers’ tools were developed so network administrators could monitor traffic to help them manage the networks, a real and appropriate use. Unfortunately, the hackers started using an otherwise-legitimate technology for their own nefarious purposes," writes PrivateWifi.com. The blog also raises concerns that the equipment is relatively cheap so now "anyone, with or without much intellect, can become a hacker."
Darren says he hasn't encountered pineapples in the wild, but he has come across them in the “target-rich environment” of hacker conferences.
♦ Photo by Carlton Purvis/Security Management