Pineapple Hacking Device Resembles a Carbon Monoxide Detector
A WiFi hacking device that could be hidden in what appears to be a standard carbon monoxide detector casing was demoed at Defcon.In the world of security penetration testing, researchers often rely on stealth and deception when testing a target. At the Defcon security conference in Las Vegas, a new level of penetration testing deception was demonstrated Aug. 8 with a WiFi hacking device that could be hidden in what appears to be a standard carbon monoxide detector casing. The WiFi penetration device in question is known as a Pineapple, developed and built by Hak5. At Defcon 2014, Pineapple developers Darren Kitchen and Sebastian Kinne demonstrated the new Pineapple Mark V hardware, including new firmware and a new casing for deception. Kitchen and Kinne are no strangers to Defcon and had demoed the Pineapple Mark IV device at the 2013 event. "People use open WiFi networks a ton, and lots of people now bring their own devices to work," Darren said. "As a penetration tester, it all makes it more interesting for us." The Pineapple is a small-form-factor device that runs on Linux and is loaded with tools to help enable penetration testers to gain access to the WiFi networks of their targets. The new Mark V device improves on the predecessor Mark IV device by including both the Atheros AR9331 and Realtek RTL8187 wireless chipsets. Hardware alone isn't what makes the Pineapple really powerful; the newly updated software provides users with enhanced capabilities. With the prior releases of the Pineapple, the open-source Karma tool was one of the primary ways to trick a target into connecting to the Pineapple. In a Karma attack, the Pineapple listens in for WiFi clients that are looking for access points with which they have previously connected. So, for example, if a user has ever connected to an access point named "coffeshop," in a karma attack the Pineapple will claim to be "coffeshop" so the user will connect.