A Wi-Fi Pineapple is a wireless auditing platform from Hak5 that allows network security administrators to conduct penetration tests. With pen tests, ethical hackers seek out security vulnerabilities that a threat actor could exploit in the company’s system, network or infrastructure.
A Wi-Fi Pineapple can also be used as a rogue access point (AP) to conduct man in the middle (MitM) attacks. A MiTM attack is one in which the attacker secretly intercepts and relays messages between two parties that believe they are communicating directly with each other. The inexpensive price and friendly user interface (UI) enable attackers with little technical knowledge to eavesdrop on computing devices using public Wi-Fi networks in order to collect sensitive personal information, including passwords.
Uses of Wi-Fi Pineapple
The Pineapple was originally invented by engineers at Hak5 to perform pen tests and help network administrators audit network security. The AP, which some people think resembles a spider instead of a pineapple, enables network engineers to hack their own network in order to identify vulnerabilities and put mechanisms in place to strengthen the network against potential attackers.
When a Pineapple is used for pen testing, it is referred to as a honeypot. When a Pineapple is used as a rogue AP to conduct MitM security exploits, it is referred to as an evil twin or pineapple sandwich.
How the Wi-Fi Pineapple works
A Pineapple sits between the user's laptop and the network, inspecting the data that flows between the two. The Pineapple's controller intercepts the information being transmitted back and forth between the network and the wireless device that's using Wi-Fi. Wi-Fi Pineapple's web interface enables hackers to also use a Raspberry Pi instead of a laptop, a $35 alternative that is considerably less expensive than most mobile computing devices. The firmware is based on OpenWrt, an embedded Linux operating system (OS). The Wi-Fi Pineapple's storage is volatile unless the ethical hacker uses an Secure Digital (SD) card to make it persistent.
The Wi-Fi Pineapple is important specifically because its UI is easy to use, and it is fairly cheap. The suite of pen testing modules the Pineapple offers, called PineAP, is freely downloadable and includes tools for logging, reporting, tracking, reconnaissance and conducting MitM attack exercises.
It's a widely accessible device that can put some powerful hacking capabilities into the hands of some potentially unskilled threat actors. It is for this reason also that it is a beneficial tool in auditing security systems by ethical hackers. It is a powerful, accessible device that is either dangerous or helpful depending on the intent of the user. Just because the Pineapple is potentially dangerous to sensitive data doesn't mean it's inherently bad. While it's a tool that has the potential for abuse, it also has vast potential for preventing abuse.
Once the Pineapple connects to the network it is monitoring, it can project a fake service set identifier (SSID) that is similar to the real name of the network being monitored. Unless the end user checks her device's settings and happens to notice the rogue AP, the presence of the Pineapple will remain transparent to the user. The end user will still be able to access the internet, and she will have no reason to doubt the security of the network connection.
There is no apparent indication that someone is eavesdropping using a Pineapple. It is even possible to remain connected to the Pineapple while being physically removed from it because it is controlled remotely over the internet. Despite being out of the legitimate network's range, the targeted user could still appear connected because the Pineapple is still eavesdropping remotely.
This is potentially dangerous to anyone attempting to access or share any sensitive or confidential information over the internet. This applies not just to personal intrusion, but the hacking of corporations and governments as well.
Users should be aware of their location, check their Wi-Fi and determine whether it makes sense to be connected to the network that the device is currently connected to. For example, if the device is at work but connected to the user's home Wi-Fi, the connection might actually be to a fake SSID generated by a Pineapple.
How to avoid being hacked
- Be skeptical of public networks in general. Anyone can connect to them, and it is easy for a Pineapple to spoof their SSID. A Pineapple needs to be able to connect to the true network to be able to monitor traffic, so the easier that network is to connect to, the easier it is for a Pineapple to spoof it.
- Use a virtual private network (VPN). Having a VPN protects a user's device from transmitting its information to a Pineapple. A VPN encrypts the data before sending it to its destination, so even though the device may still connect to the Pineapple, the Pineapple cannot read the data being transmitted.
- Use a Long-Term Evolution (LTE) wireless network. Using wireless data enables the user to connect to the internet without using Wi-Fi, therefore eliminating the possibility that a user will connect to a fake Pineapple-generated SSID.
- Use a website with Hypertext Transfer Protocol Secure (HTTPS) encryption. Many sites have their own encryption to protect users who visit them. This is denoted by a lock icon in the left-most position of the web address bar. It is also denoted by HTTPS, as opposed to HTTP, in the Uniform Resource Locator (URL).
- Turn off Wi-Fi functionality. When not using Wi-Fi, turn it off to keep it from searching automatically for networks to connect to.
Hak5 began in 2005 as a podcast and is now known for its YouTube videos and podcasts about security and technology. Hak5 security and network content are complemented by sister shows HakTip, ThreatWire, Metasploit Minute and TekThing. The company is also known for its information security (infosec) technology store that sells pen testing equipment, including the Wi-Fi Pineapple, which was first introduced in 2008.