AUSTIN, Texas–Darren Kitchen spent this weekend walking around the SXSW festival with an unobtrusive but relatively evil red box attached to his backpack: it impersonated Wi-Fi networks in hopes of convincing laptops, phones, and other wireless devices to connect to it.
Kitchen’s hot-spot honeypot worked. During just a few minutes in the lobby of the Omni Hotel here, he disrupted dozens of Wi-Fi connections and rerouted them to his own “network” that replaced all Internet pages with a video of the Nyan Cat kitten flying through space. Someone with malicious intent could have done far worse.
Kitchen, founder of Hak5, says the WiFi Pineapple Mark IV box highlights the security flaws of the way Wi-Fi has been implemented. There’s also a privacy flaw. Currently, Wi-Fi devices broadcast the list of open Wi-Fi networks to which they previously connected–meaning an astute observer may be able to tell where the owner works and socializes.
His five tips for how to prevent your Internet connection from being hijacked by someone with the WiFi Pineapple Mark IV (available for purchase for $89.99):
1. Turn off Wi-Fi
If Wi-Fi isn’t enabled, there’s no privacy or security risk. Use a 3G or 4G USB stick instead. Or, on a laptop with a wired Ethernet connection, use that.
2. Avoid open Wi-Fi networks
“For the most part I tell people: avoid open Wi-Fi altogether,” Kitchen says. If you do use Wi-Fi, stick to networks that are WPA-encrypted with a password. The WiFi Pineapple Mark IV can’t impersonate those.
3. Use a VPN
If you do decide to connect to an open network, use a VPN or SSH tunnel to give yourself additional security. But even then, an attacker can interfere with the Wi-Fi connection by sending a false deauthentication frame. “It looks like it came from the legit Wi-Fi network,” Kitchen says. “I could piss you off and maybe you’d go unencrypted” by disabling the VPN and making the connection vulnerable.
4. Change your Wi-Fi settings
If your Wi-Fi settings are changed so your computer (or phone) no longer remembers previous open networks it connected to, that will help. It will also protect your privacy because the names of stored networks will no longer be broadcast. On a Mac under OS X, for instance, go to network settings, and under advanced, turn off “Remember networks this computer has joined.” Also erase the list of “Preferred networks.”
5. Ask your manufacturer to fix the problem
Should your phone really trust that an airplane-based Wi-Fi network is legitimate when it shows up at a conference or hotel? Probably not. Adding security through geolocation or making sure the MAC addresses are the same are some options that manufacturers could choose. But there’s been little movement toward an industry wide fix.