Slashdot Mirror


How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com)

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."

46 comments

  1. nothing new here. by anthony_greer · · Score: 1

    MITM wifi attacks and hotpot impersonation have been a thing for the better part of a decade now, what does this bring to the table that malicious actors didn't already have?

    1. Re:nothing new here. by AmiMoJo · · Score: 1

      This brings nothing new. The same old solution from over a decade ago works just as well - connect to a VPN.

      Android supports this, I'd be surprised if iOS didn't as well.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:nothing new here. by mjwx · · Score: 3, Insightful

      MITM wifi attacks and hotpot impersonation have been a thing for the better part of a decade now, what does this bring to the table that malicious actors didn't already have?

      Yes, but now it has a Web 2.fucking.0 name, a marketing slogan and can be encased in a plastic pineapple. Can't you see how this is completely different?

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    3. Re:nothing new here. by Applehu+Akbar · · Score: 1

      Hotpot impersonation, the bane of holiday cookouts across the nation.

    4. Re: nothing new here. by Anonymous Coward · · Score: 0

      Not many of us on the east coast have a backyard party/grill this time of year. But point taken.

    5. Re:nothing new here. by ctilsie242 · · Score: 3, Interesting

      Even on iOS, VPNs are trivial. Some VPNs even offer an app which can allow you to select the closest server group, install a profile, and have the VPN auto configure when on Wi-Fi, with the ability to whitelist a few trusted SSIDs.

      I'm amazed that Apple or Google hasn't offered their own VPN service where you just flip a switch, ensuring no matter what hanky-panky the AP/ISP does, the worst they can do is slow down or block traffic, not change it.

      I decided to go with a VPN always when telcos started actively adding X-UIDH headers on HTTP exchanges. That, and Phorm with ads injected via traffic in flight.

    6. Re: nothing new here. by ccady · · Score: 1

      >> with the ability to whitelist a few trusted SSIDs. That's what I just learned here. You can't trust an SSID, even your own. They will be spoofed. You must *always* use a VPN.

      --
      J'aime mieux les méchants que les imbéciles, parce qu'ils se reposent. -- Alexandre Dumas
    7. Re:nothing new here. by Iconoclysm · · Score: 1

      The big controversy around this is the ease of use, anyone can use it, even those with very little understanding of how to do what they're doing. Also, the price - under $100.

    8. Re:nothing new here. by chispito · · Score: 1

      Yes, but now it has a Web 2.fucking.0 name, a marketing slogan and can be encased in a plastic pineapple. Can't you see how this is completely different?

      Actually it had all that nearly a decade ago, too.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    9. Re: nothing new here. by Anonymous Coward · · Score: 0

      Not many of us on the east coast have a backyard party/grill this time of year. But point taken.

      Not everyone on the East Coast lives in the frigid North.

  2. I'm not buying it by dhaen · · Score: 1

    So this is a product advertisement?

    1. Re:I'm not buying it by hcs_$reboot · · Score: 1

      Quite obvious. $99

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:I'm not buying it by wierd_w · · Score: 1

      Especially since you can construct something much smaller, with COTS parts, for less than half that.

      (psst... hacked zsun + USB battery pack. Other than N, and maybe really loud antennas, it can do anything this thing does. Total price: retail ~35$)

    3. Re:I'm not buying it by hcs_$reboot · · Score: 1

      There is even small and good stuff in shops that accepts openwrt joyfully, for 1/4 of that price.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  3. Obligatory by forkfail · · Score: 1

    Pen Pineapple Apple Penetration.

    --
    Check your premises.
    1. Re: Obligatory by Anonymous Coward · · Score: 0

      Peeved and perturbed, punting pontification puntil pevening

  4. Already fixed by PReDiToR · · Score: 4, Interesting

    Wi-Fi Privacy Police.

    Take a look, I'm not connected with the project.

    --

    Do not meddle in the affairs of geeks for they are subtle and quick to anger
  5. Just turn off Wi-Fi by Anonymous Coward · · Score: 0

    If you don't want to broadcast SSIDs, just turn off the Wi-Fi until you are in a place you want to use it.

    1. Re:Just turn off Wi-Fi by smooth+wombat · · Score: 0

      No, that is too difficult. It means people will miss five seconds of texts which are coming through.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    2. Re:Just turn off Wi-Fi by Oswald+McWeany · · Score: 1

      No, that is too difficult. It means people will miss five seconds of texts which are coming through.

      Texts come through perfectly fine without Wi-Fi. Messaging doesn't use Wi-Fi.

      --
      "That's the way to do it" - Punch
  6. SSID Broadcast by Anonymous Coward · · Score: 2, Informative

    Only the SSIDs of hidden networks need to be broadcast, not all SSIDs of the listed networks.

    1. Re: SSID Broadcast by Anonymous Coward · · Score: 1

      THIS.
      On Windows you even get a warning when connecting to hidden SSID networks, for exactly this reason.

    2. Re:SSID Broadcast by Anonymous Coward · · Score: 0

      And only when the user specifically instructs the computer to connect to a particular network. And only that network's SSID.

    3. Re: SSID Broadcast by Anonymous Coward · · Score: 1

      Or the god damn WiFi spec could have the router send its public key on connect and if it doesn't match the phone's stored public key, fail. Otherwise, communicate using the public key. If the router sends a public key it doesn't have the matching private key for, it can't decrypt anything anyway.

    4. Re: SSID Broadcast by Anonymous Coward · · Score: 0

      Hahaha I love how you think the wifi specs were an honest attempt to provide security, and not trojaned by the TLAs in order to add weaknesses that any numskull "Um! Gee what happens if a malicious attacker calls their public network the same thing as one you've used before?" or "Hey isn't every client using the same preshared key insecure? Why not make them generate new keypairs on connect?" could have foreseen.

  7. Try making it clear by Bohnanza · · Score: 4, Insightful

    One thing that would help is if you actually told people what is going on. If you warn people of a possible "Wall of Sheep" attack from a "Wifi Pineapple" you are telling them nothing at all.

    --

    -----

    Sorry, I'm only a 1336 h4x0r.

    1. Re:Try making it clear by Anonymous Coward · · Score: 0

      Here's a better link that actually explains what the Wall-of-Sheep is:
      https://www.wallofsheep.com/pages/wall-of-sheep

    2. Re:Try making it clear by freeze128 · · Score: 2

      If the Wi-Fi Pineapple listens passively for clients trying to connect to their 'remembered' Wi-Fi hotspots, then why can't the cell phones also do that? Why do they need to shout "Hey, here are all the access points that I have connected to in the past"?

    3. Re:Try making it clear by Anonymous Coward · · Score: 0

      So just another childish prank that is a felony and anyone that does it should be prosecuted.

      It isn't the '90s anymore. You can't just walk into someone's living room and say "Hey you should thank me for picking your deadbolt! Now you know other people can do it too!"

      Maybe the site owners will be thrown in federal prison for creating and facilitating tools to commit crimes.

    4. Re:Try making it clear by dissy · · Score: 2

      Why do they need to shout "Hey, here are all the access points that I have connected to in the past"?

      It's part of the spec, not so much wifi specifically but DHCP and DNA protocols.

      The idea was when you first connect to a wifi network, you use ARP at layer 2 and broadcast a DHCP request to get a valid IP to begin using layer 3.
      When you are disconnected "briefly" and reconnect later, that IP is likely to still be valid for use.

      Using DNA (direct network attachment), you can broadcast the previously used router MAC, device MAC, and SSID to verify you are on the same local link, and can begin reusing your previous IP without having to wait for a DHCP renewal.
      If you send an ARP with the remembered MACs, and get a reply, something else is now on the IP you had and you must renew with DHCP to get another IP.
      If you don't get a reply, it's generally safe to assume it.

      I presume it was assumed this would be a common and desired situation. Walking around in and out of wifi range, or maybe allowing the radio to go into a sleep mode where it basically is off and thus detached from the network, this does let you reconnect a bit faster.

      I also presume the security implications were just not thought of or cared about.

      https://www.ietf.org/rfc/rfc4436.txt

  8. Great! by 140Mandak262Jamuna · · Score: 3, Funny

    All intel chips are vulnerable. OK let me switch to mobile and avoid intel.

    All WiFi devices are vulnerable. OK I am going to turn off wi-fi and use only mobile data

    Next?

    Rouge Cell towers, stingrays, ...

    ALL OUR BASES ARE BELONG TO THEM

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Great! by Anonymous Coward · · Score: 1

      and laws aren't going to help you because stingrays should already be illegal...

    2. Re:Great! by Anonymous Coward · · Score: 0

      If you need to communicate with people, clearly the only way is directional neutrinos.
      Researchers can hardly capture the fuckers, now nobody will!

    3. Re:Great! by Anonymous Coward · · Score: 0

      This is actively being pursued. Just for trivia purposes, the first song "Broadcast" by Particle Beam, not of the Photon variety, was "Locomotive Breath" in 1995.
      It took a special kind of "Antenna" to pick it up; the 1.5ns FWHM Bunch Structure was modulated at a lowly 14.2934MHz to sneak in under the Ham Band at 20 Meters just in case; distance covered precisely 1Km... of solid Shielding cement and then rock.
      And then it was Classified.

    4. Re:Great! by DontBeAMoran · · Score: 2

      Rouge cell towers

      Well, just connect to the blue or green ones. Problem solved.

      --
      #DeleteFacebook
  9. Damn fruits by nospam007 · · Score: 1

    Apple WiFi dangerous, Pineapple WiFi dangerous ...

    I guess I'll stick to WiFi Vegetables.

    1. Re:Damn fruits by Anonymous Coward · · Score: 0

      Or use Android. They're not so fruity, but the sugar content is higher.

    2. Re: Damn fruits by Anonymous Coward · · Score: 0

      You enjoying them saccharin tablets comrade?

  10. Another reason to miss my Windows Phone by TheCastro1689 · · Score: 1

    I could set it up to only connect to wifi at certain locations, it was such a battery saver. I mean like now I can set my iPhone to connect to only known networks (even though that is how this attack works) etc etc, but having the geofencing was sweet.

  11. Breakthrough security method by Murdoch5 · · Score: 2

    How about not connecting to WiFi hotspots? With mobile data being plentiful, you simply don't need to hook up to WiFi hotspots, which completely removes the need to forget them :)

    1. Re: Breakthrough security method by Anonymous Coward · · Score: 1

      This is a very geographically limited solution. Cheap, quality mobile data is far from ubiquitous even in the US, let alone globally.

    2. Re:Breakthrough security method by Anonymous Coward · · Score: 0

      one word, stingray

    3. Re: Breakthrough security method by Dog-Cow · · Score: 2

      Cheap, quality mobile data is far more accessible outside the US than in. You seem to be living in a bubble.

  12. From F-Droid by Pseudonymus+Bosch · · Score: 1

    F-Droid.
    A problem is that the function of disabling wifi to out-of-place SSIDs requires enabling location services.

    --
    __
    Men with no respect for life must never be allowed to control the ultimate instruments of death.
    GW Bu
  13. Can anyone explain why? by Anonymous Coward · · Score: 0

    Why does a WiFi device advertise to whom it wishes to connect?

    It seems that it could just say "I want to connect! who's out there?" and then filter the responses it gets.
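
The question in comment 13 and the "forget that network" advice in the summary both turn on the difference between a wildcard probe request (empty SSID, "who's out there?") and a directed one that names a remembered network. As an added example that is not part of the original thread, this Python sketch parses 802.11 probe request frames from a capture of your own device and lists which SSIDs each MAC names; the helper names, MAC addresses, SSIDs and sample frames are all constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for an 802.11 probe request, else None.
    An empty ssid is the wildcard probe, which names no network."""
    if len(frame) < 24:                                   # shorter than a management header
        return None
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if frame_control & 0x00FF != 0x40:                    # version 0, type 0 (mgmt), subtype 4
        return None
    source = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = transmitter
    pos = 24                                              # tagged elements follow the header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:                            # truncated element
            return None
        if tag == 0:                                      # SSID element
            if length > 32:                               # SSIDs are at most 32 bytes
                return None
            return source, body.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def audit(frames):
    """Map each probing MAC to the sorted SSIDs it named in directed probes."""
    named = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        source, ssid = parsed
        named[source]                                     # record wildcard-only devices too
        if ssid:
            named[source].add(ssid)
    return {mac: sorted(ssids) for mac, ssids in named.items()}

def _sample(fc, src_hex, ssid):
    """Build a constructed frame (header + SSID + rates elements) for the demo."""
    header = (struct.pack("<HH", fc, 0) + b"\xff" * 6 + bytes.fromhex(src_hex)
              + b"\xff" * 6 + b"\x00\x00")
    ssid_bytes = ssid.encode()
    return header + bytes([0, len(ssid_bytes)]) + ssid_bytes + bytes([1, 2, 0x82, 0x84])

# Constructed sample input, not a real capture: MACs and SSIDs are made up.
SAMPLE_FRAMES = [
    _sample(0x0040, "02aabbccdd01", ""),                  # wildcard probe
    _sample(0x0040, "02aabbccdd01", "HomeNet-Example"),   # directed: leaks a remembered SSID
    _sample(0x0040, "02aabbccdd01", "CoffeeShop-Guest"),  # directed
    _sample(0x0040, "02aabbccdd02", ""),                  # device that only sends wildcards
    _sample(0x0080, "02aabbccdd03", "SomeAP"),            # beacon, not a probe: ignored
    _sample(0x0040, "02aabbccdd04", "Cut")[:20],          # truncated frame: ignored
]
```

A device whose list is empty sends only wildcard probes; any SSID that does appear is a remembered network worth forgetting or setting to not auto-join.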