In the world of security penetration testing, researchers often rely on stealth and deception when testing a target. At the Defcon security conference in Las Vegas, a new level of penetration testing deception was demonstrated Aug. 8 with a WiFi hacking device that could be hidden in what appears to be a standard carbon monoxide detector casing.
The WiFi penetration device in question is known as a Pineapple, developed and built by Hak5. At Defcon 2014, Pineapple developers Darren Kitchen and Sebastian Kinne demonstrated the new Pineapple Mark V hardware, including new firmware and a new casing for deception. Kitchen and Kinne are no strangers to Defcon and had demoed the Pineapple Mark IV device at the 2013 event.
“People use open WiFi networks a ton, and lots of people now bring their own devices to work,” Darren said. “As a penetration tester, it all makes it more interesting for us.”
The Pineapple is a small-form-factor device that runs on Linux and is loaded with tools to help enable penetration testers to gain access to the WiFi networks of their targets. The new Mark V device improves on the predecessor Mark IV device by including both the Atheros AR9331 and Realtek RTL8187 wireless chipsets.
Hardware alone isn’t what makes the Pineapple really powerful; the newly updated software provides users with enhanced capabilities. With the prior releases of the Pineapple, the open-source Karma tool was one of the primary ways to trick a target into connecting to the Pineapple. In a Karma attack, the Pineapple listens in for WiFi clients that are looking for access points with which they have previously connected. So, for example, if a user has ever connected to an access point named “coffeshop,” in a karma attack the Pineapple will claim to be “coffeshop” so the user will connect.
Now with the Mark V, there is a new application called PineAP, which complements Karma and provides new ways to attract victims to connect to the device. The PineAP is software built by Kitchen and Kinne that takes full advantage of the two wireless chipsets on the Pineapple Mark V.
With a Karma attack, a target WiFi client still needs to choose the access point with which they want to connect. PineAP changes that model by enabling a penetration tester with a suite of tools that allows targeted testing against a specific end point.
As part of the new Mark V software, there is also a technology called Harvester, which can enable a Pineapple penetration tester to collect all the WiFi access point names that client machines are looking for in a given area. The new Dogma tool for the Pineapple Mark V then enables a penetration tester to take the access point names that were collected and target specific names.
The Ominous Box
To complement the new hardware and software, Hak5 has developed the new Ominous Box as an optional case in which the Pineapple Mark V can be deployed. The Ominous box looks much like a common carbon monoxide detector.
“Who will be the [jerk] that unplugs a CO monitor at a client site?” Kitchen said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.