Rogue Device Spotlight: WiFi Pineapple
How often the rogue device is used in the wild to conduct real-world attacks, with 1 being the rarest, 10 being widely used.
The WiFi Pineapple is the rare device that has been commercialized without losing its core base. Used both for rogue activities and for penetration testing, the WiFi Pineapple is the standard by which many rogue devices are measured.
The cost or “DIY burden” of the device, availability (ease of acquisition), and degree of skill necessary to deploy/operate the device. 1 is expensive/difficult to build, not publicly available, and requiring deep technical expertise to operate; 10 is low-cost, available for purchase online, plug-and-play operation.
Simplicity is one of the Pineapple’s draws: with a fairly intuitive UI and an incredibly robust series of tutorials, it can be used out of the box by nearly anyone with minimal experience and the help of the Internet.
The potential damage caused by successful execution of the attack, with 1 being exposure of trivial information from the target, 10 being organization-wide, superuser-level compromise or equivalent.
While the Pineapple has the ability to cause some serious damage when used by a pro, more often it is used for simple demos and scripted attacks. The weak CPU and embedded OS severely limit the ability to perform many attacks and raise the skill level required to perform advanced attacks, which in our eyes lowers the potential impact.
Originally released back in 2008, the WiFi Pineapple from Hak5 is one of the oldest mass-market rogue devices, and has since inspired numerous clones and variations. Unlike some devices which have been shoehorned into their roles as penetration testing devices, the WiFi Pineapple was designed from the ground up for WiFi security work, with custom hardware, software, and an intuitive web interface.
The WiFi Pineapple is especially well suited for use as a rogue access point, with specific focus on man-in-the-middle (MITM) attacks, via its “PineAP” feature. The WiFi Pineapple also offers an open API for the creation of community-developed system plugins known as “Infusions”, and even includes an “Expansion Bus” and Arduino-based hardware development kit for hardware attacks and interfacing with other devices.
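From the defender's side, a rogue access point of the kind described above tends to show up in a wireless survey as a protected SSID announced from a BSSID the organisation does not own, or as one unknown radio announcing several network names. The following Python is an added example, not code from the original article or from Hak5; the survey format, SSIDs, BSSIDs and the `max_ssids` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: SSID -> BSSIDs the organisation operates (assumed known).
AUTHORIZED = {
    "CorpWiFi": {"00:00:5e:00:53:01", "00:00:5e:00:53:02"},
    "CorpGuest": {"00:00:5e:00:53:03"},
}

# Constructed survey export, one beacon/probe response per line:
# timestamp,bssid,channel,ssid  (hypothetical format; SSID is last and may contain commas)
SURVEY = """\
2024-01-01T09:00:00,00:00:5E:00:53:01,1,CorpWiFi
2024-01-01T09:00:01,00:00:5e:00:53:03,6,CorpGuest
2024-01-01T09:00:02,00:00:5e:00:53:aa,11,CorpWiFi
2024-01-01T09:00:03,00:00:5e:00:53:aa,11,Airport Free WiFi
2024-01-01T09:00:04,00:00:5e:00:53:aa,11,Home, Sweet Home
2024-01-01T09:00:05,00:00:5e:00:53:bb,6,NeighbourNet
2024-01-01T09:00:06,truncated line
2024-01-01T09:00:07,00:00:5e:00:53:02,1,
"""

def parse_survey(text):
    """Yield (bssid, ssid) pairs, skipping malformed lines and hidden SSIDs."""
    for line in text.splitlines():
        parts = line.split(",", 3)
        if len(parts) != 4 or not parts[3].strip():
            continue
        yield parts[1].strip().lower(), parts[3].strip()

def find_rogues(observations, authorized, max_ssids=2):
    """Return sorted (reason, bssid, detail) findings."""
    known = set().union(*authorized.values())
    ssids_by_bssid = defaultdict(set)
    findings = set()
    for bssid, ssid in observations:
        ssids_by_bssid[bssid].add(ssid)
        # A protected SSID announced by hardware that is not in the inventory.
        if ssid in authorized and bssid not in authorized[ssid]:
            findings.add(("evil_twin", bssid, ssid))
    for bssid, ssids in ssids_by_bssid.items():
        # Heuristic (assumption): one unknown radio answering for many names.
        if bssid not in known and len(ssids) > max_ssids:
            findings.add(("multi_ssid", bssid, str(len(ssids))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_rogues(parse_survey(SURVEY), AUTHORIZED):
        print(finding)
```

The `multi_ssid` threshold needs tuning per site, since legitimate enterprise access points can serve several SSIDs from related BSSIDs; adding those BSSIDs to the inventory keeps them out of the findings.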
WiFi Pineapple: Hardware Specifications
- CPU: Atheros AR9331 SoC @ 400 MHz
- RAM: 64 MB
- ROM: 16 MB
- OS: Modified OpenWRT
- I/O: Ethernet, USB, Serial TTL, Expansion Bus
- Radios: Atheros AR9331 802.11 b/g/n, Realtek RTL8187L 802.11 b/g
- Storage: Up to 32 GB MicroSD in FAT/EXT
WiFi Pineapple: Hands-On
The WiFi Pineapple has gone through several revisions since its original release in 2008, the most recent being revision 5. You don’t go through so many versions of a device without straightening out some kinks, and the WiFi Pineapple certainly shows it. From the custom manufactured hardware (a rarity in this era of cheap commodity Linux devices) to the slick and modular web interface, the WiFi Pineapple definitely has the feel of a polished and professional device.
Of particular note is the very clever use of physical DIP switches on the side of the device. In the web configuration there is a page that lets the user configure commands to be executed on boot depending on the position the switches are in. So for example, you could set one combination of switches to automatically launch attacks against WiFi networks in the area, and another combination of switches to simply log WiFi networks passively. Then it’s just a matter of starting the WiFi Pineapple up with the switches in the appropriate position to choose which mode you want to operate in, no computer needed. Being able to control the WiFi Pineapple without needing to connect to it from another device is a huge boon, though it is hampered by the fact that you need to fully shut down and then restart the device for the switches to take effect.
The hardware development kit that plugs into the expansion port seems like a good idea, but in practice, it doesn’t do anything you couldn’t already do with a standard Arduino plugged into the USB port. Hak5 says hardware expansions (such as an LCD display) could make use of the expansion bus in the future, however, so it may yet prove its worth.
Having dual WiFi radios with external antennas is brilliant, and perhaps even the defining feature of the device. Not only are there two of them, but the Hak5 team did their homework and made sure to use the best supported WiFi chipsets. This provides the system with stable monitor and injection modes, which is absolutely critical for many tasks.
If there’s a downside to the WiFi Pineapple’s hardware, it’s surely the underwhelming computational performance. A 400 MHz MIPS SoC with 64 MB of RAM just doesn’t cut it, not when boards like the Raspberry Pi can run circles around it for approximately $35. The WiFi Pineapple attempts to make up for the minuscule amount of RAM onboard by automatically adding a swap partition to the MicroSD card, but that’s more like prolonging the suffering than providing a solution.
But it isn’t just that the processor in the WiFi Pineapple is objectively “slow”; the bigger problem is that, in this case, the hardware has dictated the operating system the device has to run. Rather than a full Linux distribution, the WiFi Pineapple is running a modified version of OpenWRT, an embedded Linux distro designed for routers.
With years of experience behind them, Hak5 has designed what is arguably the yardstick by which other rogue devices are measured. The WiFi Pineapple is highly portable, exceptionally easy to deploy, and is affordable at just $100.