What is a Pineapple Wi-Fi and why do I care?
Why do we call a Wi-Fi hacker device a WiFi Pineapple?
I guess the name is not important but what is important is to know what this Pineapple device is. This is not something you need to memorize, but the reason I write this is so you can understand the risk to your personal information.
The risk for anyone using a computer/mobile phone/tablet or website of any kind is always security. The WiFi Pineapple is not meant to be a hacking device, but it is meant to help you audit your wireless network. Quick Note: Anytime you hear the word “audit”, no matter if it is the IRS or an IT consultant, you will be left with an uneasy feeling.
Audit, big deal.
So you are going to get an audit of your wireless. Ok big deal, right? Does this really constitute a need for concern? It can if you don’t have the right security.
An audit is performed to help you realize the shortcoming of a process. The IRS could audit you about a tax that you paid or did not pay. If you ask for an audit of your IT suite you are looking for feedback on any flaws your current system might contain.
Even if you had an audit in the past few years you might want to step up your game. IT security risks are always changing. Recent cybercrime journals/blogs estimate one million new pieces of malware found per day.
Bring me the Pineapple!
The WiFi Pineapple is a device that acts as a hotspot honeypot. The device will act as the man in the middle. The device will be transparent to the user. The user will actually connect into the honeypot instead of the actual wireless access. The honeypot will broadcast the SSID of the wireless location you are connecting to and you think it is legitimate.
The second way that the Pineapple works is to show that you are connected to a Wi-Fi hotspot without you actually being connected. In some cases, your mobile device will show connected to your home network and you are at work. This happens because when your mobile device tries to connect to Wi-Fi, the device broadcasts the network it is looking for. The Pineapple looks at this and then renames the SSID to the same as you are connecting to and you think you are connected to your home network.
Stop the Geek please and get to the reason I am still reading this.
I am almost done with the geek stuff but the process is as follows. You go to a Panera Bread for a meeting, connect to the Wi-Fi, leave and come back a week later. Now your phone is broadcasting looking for the Panera or any other network. The Pineapple device is running next to the person sitting next to you and you mistakenly connect to this hacking device instead of the Panera bread Wi-Fi.
Big deal right, still internet?
The Pineapple reports back through the interface as to which device is connected, which means the hacker can look around and see that you are working at a meeting and can break down all of your traffic and detect all of your passwords.
If you have your bank account open, you just gave this information to a hacker. If you have your corporate email account open, the password is sent over clear text. Now the hacker has your information into your personal account at the corporation and the business name and can now start the process of hacking your company.
Ok… So what can I do?
The processes of detecting Wi-Fi intrusions are relatively new. The industry trend is all going wireless and we will continue to be more mobile. What can you do about this? How can you prevent this from happening?
- Use your own Wi-Fi. Use an LTE wireless card.
- Know your surroundings. If you are in a public spot don’t use your regular browser or log in online. Open a second browser and use this to surf Yahoo News.
- Stay on secure sites. It is much more difficult to detect a password on a secure site. The secure sites do encrypt transmissions between the two points.
- Turn your Wi-Fi off when it is not in use.
Always protect your surroundings. Although this post seems to be more personal-based than business-based, we can help protect your business. If you want to help with Wi-Fi intrusion scanning alert IRIS Solutions, we can help.