A pineapple is more than just an affront to pizza lovers. It’s eaten in a variety of dishes, it’s leaves were once woven into a textile, it symbolizes hospitality and the Hawaiian Islands of the USA – and now it’s come full circle to spread it’s pizza-hating tentacles into the shadowy underworld of IT. It’s rather obvious that the writer is throwing some massive shade at the poor pineapple – but it’s most recent evolution (or at least the evolution of the name) might have even undiscerning Hawaiian pizza lovers cringing. What is a Wi-Fi Pineapple?
The Wi-Fi Pineapple is hardware originally created for Pen (network penetration testing) – designed to test for vulnerabilities, but as with all great cyber-security ideas, the concept has been turned on the users. The Pineapple exploits a device’s auto-connect feature (in your favorite coffee shop, lunch spot or co-working office lobby) to trick devices into connecting – thus launching a man-in-the-middle attack. What are MITM Attacks?
A man-in-the-middle attack can be done remotely through a combination of phishing and website spoofing but can also be executed in close proximity (enter the Pineapple), inserting the hacker between the user and their incoming and outgoing data, soaking up all information as it passes. Although this is a massive oversimplification, Norton
has a pretty comprehensive overview of MITM attack types available HERE
. How Widely Available is this Technology?
Widely. The first search performed for the creation of this article took the researcher directly to a page offering a Wi-Fi Pineapple for sale for $199 USD. Research into the Wi-Fi Pineapple brought up quite a few highly accessible sites designed to help even the most technologically inept hacker launch attacks. We aren’t going to list them here – but rest assured, we hit up at least 10 sites offering simplified attacking software and hardware designed to deploy attacks against a range of different devices in an array of different situations. In short, this tech is easy to get, easy to deploy and there is a massive amount of information out there on how to effectively use it. How do I Protect Myself?
USE A VPN! While many people are using Virtual Private Networks (VPN) to safely connect to their organization’s network, the average IT layman is in the dark. Essentially, a VPN provides a secure connection between your device and the internet. Always use a VPN when connecting to public networks – or every time you connect. Second, watch for warning signs. For example, if you see two public networks with the same name on your Wi-Fi options – there is something wrong. Do not click and hope for a quick and easy connection in public (airports, train stations, coffee shops, co-working offices). Next, don’t ignore website certificate warnings. We are all guilty of wanting that immediate access with no time for a stupid little warning box – but beware. There is a warning for a reason. Finally, or the frequent traveler or remote worker, consider investing in a personal mobile hotspot (don’t forget to setup a complex password!). About Sangfor Technologies:
Sangfor Technologies wants you to be connected, safe and productive. We offer world-class network security and cloud computing solutions to businesses with several products listed in the Gartner Magic Quadrant. Has your company, coffee shop or co-working facility deployed the type of network security it needs to keep you protected? Have you even asked the question? How easily do you think you could be hacked where you live and work?
Sangfor encourages readers to know the risks and demand the protection you deserve – at least at work. Guy Rosefelt, Director of International Product Marketing for Sangfor wrote “We need to require that standard systems and protocols be followed, as well as ensure that risk analysis be carried out for each system as it relates to any other system, no matter how tenuous.”
Visit us at www.sangfor.com
or encourage those who provide your internet connection to invest in your safety.
Founded in 2000 and a publicly traded company as of 2018 (SANGFOR STOCK CODE: 300454 (CH)), Sangfor Technologies is the global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing.