WiFi Pineapple Penetration-Testing Tool Sparks Interest at DEF CON
The Linux-powered small-form-factor device is designed to easily take over WiFi connections and manipulate the data flow.Many good open-source software tools are freely available for penetration testers (and hackers) for testing the security of WiFi networks and their users. Getting those tools to run on a given computer isn't always easy, and walking around with a notebook running WiFi penetration tools isn't exactly the right approach if you're trying to be discrete. That's where a device displayed at the DEF CON hacker conference last weekend comes into play and changes the game. The WiFi Pineapple is a small-form-factor Linux device that can discretely fit in a security researcher's bag, enabling the researcher to unobtrusively conduct a penetration-testing exercise. At a presentation in the Wireless Hacking Village at DEF CON, a researcher cut out the middle of a large textbook and hid the Pineapple inside.
Pineapple creator Darren Kitchen described the device and detailed new capabilities. Kitchen explained that the original idea to build the Pineapple came from a desire to port the open-source Karma WiFi attack program to the FON (a small Fonera router). The Pineapple has expanded since then and is now on its MarkIV hardware release, boasting a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack.
When asked what version of Linux was running on the device, Kitchen said to think of the Pineapple as being its own Linux distribution, based somewhat on the OpenWRT Linux router project.
Karma, which is at the core of the Pineapple feature set, essentially pitches itself across the wireless spectrum to all endpoint clients looking for an access point (much like any other AP). But there is a big difference, which may seem fightening to some. The way many modern desktop and mobile WiFi stacks work is they first look for past connections so the user can get onto the network quickly.