ADVERTISEMENT

WiFi Pineapple: a WiFi attacker’s pocket-sized superweapon

What you’re about to read is an expansion of an earlier article I wrote, ‘The powerful cyberweapons that can fit in your pocket.’ In this same theme, the WiFi Pineapple is a pocket-sized device that can broadcast a rogue access point. From there, the world of IEEE 802.11 is your oyster.

WiFi pineapple
Jesse William McGraw
Jesse William McGraw Contributor
Sep 30, 2024 Updated: 30 September 2024 7 min read

Man-in-the-middle attacks and legality loopholes

Evil Twin and Pineapple sandwich attacks

Pineapple sandwich via de-authentication exploit

ADVERTISEMENT

DNS Hijacking

Examining your DNS cache

SSL stripping and session hijacking

How to defend against the Pineapple

  • Disable automatic WiFi connections. That way, when an attacker is running a rogue AP and has de-authenticated your wireless client from your network, you don’t automatically reconnect – to a malicious clone.
  • Use a VPN! I’m serious about this. If you’re on a compromised wireless network and you aren’t using a VPN to encrypt your traffic or protecting your online transitions and logins, it’s only a matter of time before you learn the hard way. Using a VPN will protect your data from being transmitted to the WiFi Pineapple.
  • Use DNS security. Use DNS over HTTPS (DoH) or DNS over TLS (DoT) to encrypt your DNS queries and responses. This preventative measure will halt DNS hijacking attacks.
  • Monitor WiFi networks with a Wireless Intrusion Detection Systems (WIDS). Implementing these will detect and notify you of any rogue APs and strange WiFi activity since they can monitor the surrounding 802.11 airwaves for unauthorized devices and unusual activities.
  • Implement MAC address filtering to set permissions restricting which devices are authorized to connect to your network. This isn’t a foolproof solution since MAC addresses can easily be spoofed.
ADVERTISEMENT