Imagine this scenario: someone in a car parked outside your office building is working on a laptop. He plugs in a device that allows him to mimic a WiFi network in your building. The device is called a Pineapple. The WiFi network it creates looks exactly like the one phones and computers at your business connect to every day. In fact, mobile phones and laptops all around your business may automatically connect to this dummy network, and you would never know the difference. While you're going about your business, the man with the Pineapple in the parking lot is gaining access to your company's network and private information.
This is a scary picture to paint, but it is a reality that could happen anywhere. Here's how you can keep yourself and your workplace safe.
What is a Pineapple?
WiFi Pineapples are devices that allow a security researcher or malicious attacker to hijack a wireless signal and conduct what is known as a man-in-the-middle attack against PCs, laptops, tablets or mobile phones in your organization. Once a device is compromised, the attacker can easily gain access to confidential information that is sent over a wireless network, including login IDs and passwords, bank accounts, private health information, corporate secrets, credit card numbers and other private information.
Pineapples are typically physical devices that can be hidden in a backpack, behind a potted plant or above a ceiling tile. Similar software exists that can be run on an ordinary laptop or tablet. In most cases you will never see or detect the malicious attacker at work. WiFi Pineapples and other wireless network exploits are not new, but their use is increasing, and the impact of these exploits has grown as more people transact banking and other private matters online. These devices are available for under $100 online and can be operated easily with minimal formal knowledge or training. Software that allows similar exploits is widely available for free.
How does it work?
Wireless client devices like mobile phones, tablets and laptops are constantly attempting to join wireless networks that they have connected to in the past. You have likely seen these network names pop up on your laptop or mobile device.
A WiFi Pineapple can detect these connection attempts and dynamically create a wireless network that appears to be a trusted network to which you have previously connected. Once the connection is made, a series of scripts can be executed to intercept your communication, inject bogus web pages or malicious programs, and collect personal information and passwords.
How can I protect myself and my corporate network from WiFi Pineapples and other wireless network exploits?
- Configure your phone, tablet and computer to never connect automatically to wireless networks, especially when you are travelling
- Install a Wireless Intrusion Prevention System (WIPS) in your corporate network
- Be vigilant when accessing public WiFi
- Be skeptical of network names like “Free WiFi” and networks named for common hotel chains and other franchises
- Update your WiFi routers, access points and client devices to patch known vulnerabilities, like KRACK
- Never connect to open or unsecured wireless networks
- Do not conduct sensitive business, banking or health-related activities over public WiFi
- Verify that the SSL certificate for the web site is genuine and was issued to the company to which you are connecting
- Use a VPN connection whenever possible, but beware that a Pineapple exploit may be executed before you have successfully connected to the VPN
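The kind of check a WIPS sensor runs against the behavior described above, shown as an added example that is not part of the original article or any vendor's product: it compares the networks a sensor hears against a list of your authorized access points. The SSID names, MAC addresses, allow-list layout and the three-SSID threshold are all constructed assumptions.

```python
from collections import defaultdict

# Assumed allow-list: each corporate SSID maps to its authorized AP radios
# (BSSIDs) and the only security mode those APs should ever advertise.
AUTHORIZED = {
    "CorpWiFi": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed sample of (ssid, bssid, security) tuples, as a monitoring
# sensor might summarize the beacons and probe responses it hears.
OBSERVATIONS = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2-Enterprise"),  # legitimate AP
    ("CorpWiFi", "02:11:22:33:44:55", "Open"),             # unknown radio
    ("CorpWiFi", "AA:BB:CC:00:00:02", "Open"),             # cloned BSSID
    ("HotelGuest", "02:11:22:33:44:55", "Open"),
    ("Free WiFi", "02:11:22:33:44:55", "Open"),
    ("CoffeeShop", "0a:0b:0c:0d:0e:0f", "WPA2-Personal"),  # neighbor
]

def find_rogue_aps(observations, authorized, max_ssids_per_bssid=3):
    """Return de-duplicated (reason, bssid, detail) alerts."""
    alerts, ssids_by_bssid = [], defaultdict(set)
    def alert(reason, bssid, detail):
        if (reason, bssid, detail) not in alerts:
            alerts.append((reason, bssid, detail))
    for ssid, bssid, security in observations:
        bssid = bssid.lower()
        ssids_by_bssid[bssid].add(ssid)
        policy = authorized.get(ssid)
        if policy is None:
            continue  # not a network we own; only counted per radio
        if bssid not in policy["bssids"]:
            alert("unauthorized-bssid", bssid, ssid)
        elif security != policy["security"]:
            # BSSIDs can be copied, so also check the advertised security.
            alert("security-mismatch", bssid, ssid)

    # One radio answering for many network names matches the behavior
    # described above: networks created on demand from client probes.
    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) >= max_ssids_per_bssid:
            alert("multi-ssid-radio", bssid, ",".join(sorted(ssids)))
    return alerts

if __name__ == "__main__":
    print(*find_rogue_aps(OBSERVATIONS, AUTHORIZED), sep="\n")
```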
How can I learn more?
Contact us to request a complimentary consultation about wireless security risks, remediation and WIPS.
Randy is a CISSP who leads the Cybersecurity and IT Consulting team at Loffler Companies. He is focused on applying his 25+ years of IT experience to help his clients measure, understand and manage information security risk through the vCISO managed consulting program.