While not as well-known as other threats like phishing and ransomware, Wi-Fi Pineapple cyber-attacks can compromise the data of unsuspecting individuals and organisations just as fatally.
A Wi-Fi Pineapple is a physical device that cybercriminals can use to steal data transmitted through public and unsecured Wi-Fi networks. However, it was not originally meant to be a tool that facilitates cyber-attacks; instead, it was created by Hak5, a developer of hacking tools, to assist in network penetration testing.
A penetration test is an authorised attempt to hack into an organisation’s system, network, and applications to identify and rate the risks of its exploitable vulnerabilities. When a Wi-Fi Pineapple is used to test a network, it is called a honeypot, or a network-attached system which lures criminal hackers into attacking it. This allows cybersecurity teams to analyse, detect and avert the attacks.
Using a Wi-Fi Pineapple device for attacks interests malicious actors because of the affordability of such a method; the Wi-Fi Pineapple can be bought for around $100 on Hak5’s website, and can be set up in around 15 minutes. Its related modules and plugins, called PineAP, are also freely downloadable. Finally, it can even be operated by unskilled hackers with little formal training to launch basic attacks.
As of today, Wi-Fi Pineapples are mainly used in fake HTTPS, man-in-the-middle (MITM) and spoofing attacks by cybercriminals. What’s more, this threat to organisations has risen on account of the New Normal; given that many organisations now rely on either remote or hybrid work arrangements, it is even more common for people to work outside their office and home, in public places such as coffee shops, malls, libraries, or airports. With online security not at the forefront of most workers’ priorities, they would also hardly have reservations about using public and free, but possibly vulnerable, Wi-Fi.
Wi-Fi Pineapple is primarily used for three common cyber-attacks:
HTTPS is used to encrypt data and secure websites. This internet protocol ensures secure communication over a computer network and thus, provides website users robust data protection. Sites that collect confidential and personal information, such as e-commerce and government websites or video conferencing platforms, need to use HTTPS. However, since the majority of people do not include ‘HTTPS’ when typing URLs, cybercriminals can take advantage of this practice to direct HTTP requests from the legitimate HTTPS server to their Pineapple, removing the layer of security that encrypts and protects a user’s data. The only difference that affected users may notice is the absent ‘lock’ icon on the left end of the URL bar.
The Wi-Fi Pineapple allows cybercriminals to eavesdrop on people’s online activity while they are connected to a public and unsecured Wi-Fi network. This attack can happen through configuring the Pineapple to appear as the Wi-Fi network that users believe is the legitimate one. As such, users are tricked into connecting to the fraudulent network that lets hackers capture shared data passing through it. Unfortunately, there is no direct way for a person to determine if they have connected to a real public Wi-Fi network or a fake one set up by the Wi-Fi Pineapple.
An evil portal escalates a man-in-the-middle attack; cybercriminals take the deception a step further by creating authentic-looking copies of actual websites. Users trying to connect to the original site are unknowingly redirected to its fraudulent counterpart instead. This set-up makes it even easier for threat actors to steal login credentials, credit card details, and other sensitive information individuals typically input into the original site.
It is beneficial to observe the following network and corporate cybersecurity practices to protect your organisation against Wi-Fi Pineapple attacks:
Advise your organisation’s employees to remain cautious towards using public Wi-Fi. As anyone can connect to such Wi-Fi networks with little hassle, it is just as easy for a Pineapple to do the same and monitor network traffic. The rule of thumb to follow is to simply connect to Wi-Fi networks that are known and trusted.
Another critical point to reinforce to employees as part of their cybersecurity training is that they should turn off their Wi-Fi functionality when it is not required. This prevents their Wi-Fi-enabled devices from automatically searching and connecting to any available networks in the vicinity, such as one created by a Wi-Fi Pineapple.
If employees have no other option but to use a public Wi-Fi network for work, they can take these next few steps to protect themselves from a Wi-Fi Pineapple attack:
• Keep a look-out for and do not connect to suspiciously named networks like “Free Wi-Fi” and networks named after famous franchises like hotel chains.
• Avoid using apps or visiting websites that collect sensitive information, such as banking or healthcare-related platforms, while one’s devices are connected to a public Wi-Fi network.
• Check the URL of any entered websites to see if they use “HTTPS”, which ensures that one has not been redirected to a cybercriminal’s Pineapple.
• Configure one’s devices to ‘forget’ a network upon disconnecting from it. Doing so will prevent such devices from broadcasting the SSIDs of networks they were connected to in the past, such that a Wi-Fi Pineapple is hindered from spoofing the SSIDs.
It is recommended that your organisation’s employees use a virtual private network (VPN) when connected to a public and unsecured Wi-Fi network. A VPN basically encrypts data before sending it to its destination. Hence, even when an employee has unintentionally connected their work device to a Pineapple network, the Wi-Fi Pineapple device cannot read the information they transmitted.
Or, instead of using a VPN in conjunction with public Wi-Fi, employees can use a Long-Term Evolution (LTE) wireless network. This allows them to connect their devices to the Internet without even using Wi-Fi and eliminate the possibility of having any critical data compromised by a Wi-Fi Pineapple.
It is critical for your organisation to install protective softwares to ensure it is prepared for and well-guarded against various types of cyber threats, which includes Wi-Fi Pineapple attacks. For all applications, operating systems (OS), internal software and network tools, ensure that they are up-to-date and that their latest security patches have been downloaded. It is just as wise to have a firewall programme; it defends your open ports against Wi-Fi Pineapple attacks, ransomware and malware by monitoring and managing network traffic based on a set of pre-established security rules. Additionally, scheduling regular back-ups of all organisational data stored on your corporate network and employees’ work devices will minimise the disruption that a Wi-Fi Pineapple attack can cause to business operations. Finally, have your IT team conduct regular scans for unauthorised Wi-Fi hotspots within your work perimeter, which aids the detection of Wi-Fi Pineapples.
These days, cybercriminals leverage an expansive attack surface to access or steal sensitive data from their targets. The Wi-Fi Pineapple device is an excellent example of how growingly easy it is for even an amateur attacker to compromise users’ data and systems, when powerful hacking tools are at their disposal. Thus, there must be a consistent and rigorous effort on the part of organisations to secure their systems and data. For instance, it is recommended that companies engage cybersecurity agencies that offer pen tests in Singapore to identify exploitable vulnerabilities in their network. Their internal IT team can then patch up these critical weaknesses before they gain the attention of malicious threat actors.
At GROUP8, we understand the need for robust cybersecurity measures amidst today’s growing cyber threats. To this end, we offer an entire ecosystem of offensive-inspired cybersecurity solutions, including Singapore phishing detection services, blockchain security, smart contract audits, and CREST-certified penetration tests to protect your business and employees. If you are searching for a trusted and industry-leading cybersecurity service provider, do contact us at hello@group8.co.