Forgot your password?
typodupeerror
Security Wireless Networking

Wi-Fi Pineapple Hacking Device Sells Out At DEF CON 132

Posted by Unknown Lamer
from the but-it-doesn't-taste-like-a-pineapple dept.
darthcamaro writes "At the recent DEF CON conference over the weekend, vendor were selling all kinds of gear. But one device stood out from all the others: the Wi-Fi Pineapple — an all in one Wi-Fi hacking device that costs only $80 (a lot cheaper than a PwnPlug) and powered by a very vibrant open source community of users. Pineapple creator Darren Kitchen said that 1.2 Pineapple's per minute were sold on the first day of DEF CON (and then sold out). The Pineapple run Linux, based on OpenWRT, is packed with open source tools including Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep, and more and is powered by g a 400MHz Atheros AR9331 MIPS processor, 32MB of main memory and a complete 802.11 b/g/n stack. Is this a tool that will be used for good — or for evil?"
This discussion has been archived. No new comments can be posted.

Wi-Fi Pineapple Hacking Device Sells Out At DEF CON

Comments Filter:
  • by fuzzyfuzzyfungus (1223518) on Monday August 05, 2013 @11:09PM (#44483297) Journal

    I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.

    • by Anonymous Coward

      can be used for both good and evil at the same time.

      What's the difference?

      • by Opportunist (166417) on Monday August 05, 2013 @11:48PM (#44483449)

        Interpretation.

      • Perp or victim?

      • by Thanshin (1188877)

        The difference in distance from yourself of the people favored and unfavored by the action.

        Which is closed differentiates good and evil.
        The shorter the distance, the greater the evil and the smaller the good. And vice versa.

    • by schnell (163007) <[me] [at] [schnell.net]> on Tuesday August 06, 2013 @01:33AM (#44483769) Homepage

      vendor were selling all kinds of gear.

      1.2 Pineapple's per minute were sold

      The Pineapple run Linux, based on OpenWRT, is packed with open source tools

      I, for one, am imagining a world where a Slashdot "editor" can parse the English language and fix typos. Blows my mind, but there it is.

    • I, for one, am imagining a world where a large number of mass-produced devices, sold to a large number of different parties, can be used for both good and evil at the same time. Blows my mind; but there it is.

      gooevil (goo-we-vil) adjective:
      good and evil at the same time

      This will vastly improve the communication accuracy of Professor Hubert J. Farnsworth (e.g. "Gooevil news everyone!")

      Well done sir!

  • "Yes" (Score:3, Interesting)

    by Anonymous Coward on Monday August 05, 2013 @11:15PM (#44483331)

    Is this a tool that will be used for good -- or for evil?

    There is only one answer to this: Yes. Yes it will.

    Too bad packing its functions up in an easy appliance means it now no longer has anything to do with "hacking" at all. You aren't a "hacker" if all you do is run some appliance.

    Might as well call yourself a master baker for using a bread baking machine... or even a toaster. Well, no, no you aren't.

    That the security industry claims otherwise means that they are deluding themselves... and us. We're not getting our money's worth in security out of their efforts. But we do get nice toaster equivalents, complete with instant "hacker" label. Nice, innit?

    • Re:"Yes" (Score:5, Interesting)

      by Opportunist (166417) on Monday August 05, 2013 @11:54PM (#44483473)

      It kinda hurts to admit it, but yes, you're right. Most of the security industry is a bunch of charlatans who are unable to produce more than cheap tricks to impress those that know even less than they do.

      Every time we're about to hire some security consultants (which we have to, regulations require us to have my security system tested by outsiders) I kinda think I know how Penn&Teller feel when they host "Fool us". Only that the amount of half-talented stage magicians who show off ancient tricks is way higher for me.

      • by Tom (822)

        And what stops you from sticking with the good ones?

        It really is the same in every professional career. You hear much the same about lawyers, doctors and mechanics - the good ones are hard to find. In IT security, it is comparatively easy, just check what they publish.

        • Sadly, it's kinda hard to convince Bruce to fly over to Europe at a rate my boss is willing to pay...

          • by Tom (822)

            Contact me by mail (tom@lemuria.org) and tell me which country you're in. I am in Germany and I have a couple contacts to pretty good people in several european countries. And if they can't help, they can point you onwards.

      • by laffer1 (701823)

        Not only do I agree with you, but I have an example. Many years ago, I worked at an ISP as a sys admin. It was very early in my career. I had no college experience, and I was starting to learn to program and administer servers.

        We were hired by a credit union as security consultants. They needed an audit of their new online banking system. The first thing I did was run Retina against their public server and a few script kiddie tools I had. I found that they had no firewall, an open SQL Server with no sa

    • Might as well call yourself a master baker for using a bread baking machine... or even a toaster. Well, no, no you aren't.

      Call myself a toaster? Sure; why not?

  • by Artea (2527062) on Monday August 05, 2013 @11:36PM (#44483407)
    Instead of wireless enabled fruit, device is actually just some plastic and electronic bits. I was under the impression this device would be concealed in a pineapple for stealth hacks. (Nobody suspects the fruit with an antenna)
    • by 93 Escort Wagon (326346) on Monday August 05, 2013 @11:44PM (#44483435)

      (Nobody suspects the fruit with an antenna)

      This was conclusively proven in a Hogans Heroes episode - except it was a WW2-era walkie-talkie hidden in a potted plant.

      • by Anonymous Coward

        I am really not sure what is funnier:

        1. "conclusively proven in a Hogans Heroes episode"
        2. the Insightful mods that followed
        3. "Pineapple" was the nickname for a US handgrade
        4. This all rode in on a 93 Escort Wagon

      • what! I wanted a wireless enabled fruit! I mean Apple has never produced any wireless or wired apples. Just things with apples on them. A red, apple shaped router would have been awesome and a conversation piece. Just think no one would suppect hacking with a pineapple sitting beside your laptop. (they would just you are crazy in starbucks. Damn, there is the perfect wifi hacking toolcase. A starbucks mug!)

      • by Minwee (522556)

        I was also disappointed by that, but then realized that it is small enough that, with a little creativity, you could put it _inside_ a pineapple.

        Cooling might be a minor problem, and the smell of Hawaiian pizza may tip people off to the illicit contents of the fruit basket which was just delivered, but at least it wouldn't need a pineapple-shaped sticker to justify its name.

    • Talk about a security device going bad...

    • Funny... when I heard it was called a pineapple, I presumed it looked like this:
      http://en.wikipedia.org/wiki/File:MkII_07.JPG [wikipedia.org]
      Of course, that's not going to help for stealth; I think anyone seeing one of those lying around is probably going to notice, duck and run (and then call out the bomb squad).

  • by TubeSteak (669689) on Monday August 05, 2013 @11:42PM (#44483423) Journal

    Going a step further, if a Pineapple user is inside a coffee shop (or office location), the research can execute what is known as a "deauth" attack, essentially disconnecting the end user from legitimate access point, then reconnecting him or her to the Pineapple.

    However, some security experts say that weaknesses in WiFi and user behavior need to be identified and weeded out in order to make organizations more secure. If the Pineapple is able to help security researchers do that, they say, than it will improve security for us all.

    As a user, how the fuck can my behavior be modified to deal with a deauthorization attack?
    WiFi has become so stupid simple to use that it leaves us vulnerable, despite all the encryption in the world.

    • by Anonymous Coward

      Use a VPN. Either a paid one or a home one will do. If your connection is encrypted to a known safe point (the VPN provider), then it doesn't matter that they can sniff your traffic. This is why I have my machine set up to disconect from wifi when it can't connect to my VPN.

      Mind you, this isn't a solution to the problems of WiFi, but is a solution to that particular attack.

    • by Opportunist (166417) on Tuesday August 06, 2013 @12:02AM (#44483495)

      Some? SOME? Most of them are!

      Old joke: You can tell by how the techs three-piece suit fits whether he's a hack: If he wears one, he is.

      But seriously, it's by no means short of frightening how many quacks and hacks (and I don't mean that as a compliment...) litter the field. Which is quite logical if there is little if any reputable and generally accepted (especially amongst management) certification system. And don't come with things like CISA and the like, I am not looking for a security manager, I'm looking for someone who can actually test a security implementation, not design it.

      Now add that the average manager knows little beyond how to plug some device relatively accident free into some hole on his computer and you can easily see how knowledge free idiots who can navigate the surfaces of some "hack tool" (I'll use the term loosely here) can convince said managers that they are "security experts". In the kingdom of the blind and so on...

      • by sjames (1099)

        The problem is the delusion that managers don't need to know anything about what they manage. It's created a class of basically worthless MBAs that nevertheless get paid more than the people who have a clue what's going on.

        • Reminds me of something I saw a while ago during a job interview.

          Applicant: Well, what do you do here, anyway?
          Boss (surprised): You don't know? You want to work here, right?
          A: A good manager can manage everything, no matter what.
          B: And a good manager also knows that he should do his homework before getting into a meeting. Thanks for your time, no need to call. NEXT.

  • ...or just disable auto-join.

    Keep an eye out for DEFCON 21 t-shirts in your local coffee shops this next week...

  • 3rd Man: You could stand and scream for help.

    Sergeant: Yeah, you try that with a pineapple down your windpipe.

    3rd Man: A pineapple?

    Sergeant: Where? Where?

    3rd Man: No I just said: a pineapple.

    Sergeant: Oh. Phew. I thought my number was on that one.

    3rd Man: What, on the pineapple?

    Sergeant: Where? Where?

    3rd Man: No, I was just repeating it.

    Sergeant: Oh. Oh. I see. Right. Phew. Right that's bananas then. Now the raspberry. There we are. 'Armless looking thing, isn't it? Now you, Mr. Tin Peach.

  • by evilviper (135110) on Tuesday August 06, 2013 @12:10AM (#44483519) Journal

    I can see buying one for the convenience of having all the software pre-installed for you, but the specs for the hardware aren't any different than a dozen home WiFi routers, which can run OpenWRT and sell for $40 [amazon.com].

    I'd think giving those aging home routers a second life as security tools would be better than everyone buying another new product for twice the price, and eventually throwing both away. I recently added a USB sound card on mine, for use as a streaming audio player.

    • by Demonantis (1340557) on Tuesday August 06, 2013 @02:28AM (#44483929)
      I have met Darren. He is a pretty decent guy. The hardware isn't what people care about. Its the software package it comes with. You can basically mitm wifi cards. Its based off of Jasager so anyone can do it. He did a show about setting one up. Its just lazy people buying the whole kit and he probably sold out cause he was selling them at a discount. This isn't news in any regards though. These have been around for years. Last time I saw one it was white. Hak5 finally getting a wikipedia page that would be news.
      • So this peaked my interest in putting together one of the new pineapples. The router they use is here; http://www.data-alliance.net/servlet/-strse-642/Alfa-AP121U-802.11n-AP-fdsh-Router/Detail [data-alliance.net]. About $46. Although anything with a Atheros AR9331 I think would work. You also have to have a JTAG for it.
        • by evilviper (135110)

          *piqued*

          I'm not usually a pedant, it's just that your wording broke my brain for a good 5 minutes...

    • by drinkypoo (153816)

      Of the ten or twelve routers I've bought over the years, only one has had a USB port and it doesn't run Linux. Most of us don't have a useful AP with USB just lying around, even if we are enthusiasts.

      • by evilviper (135110)

        Most of us don't have a useful AP with USB just lying around, even if we are enthusiasts.

        A decent number of people here specifically look for routers that can run some kind of Linux firmware before buying. There's really no reason NOT TO these days, since they're just as cheap as the worst junk hardware. And it's a great fail-safe even if you don't plan to use it, as you're in good shape even if the manufacturer's software is complete junk (like that D-Link).

        • by drinkypoo (153816)

          A decent number of people here specifically look for routers that can run some kind of Linux firmware before buying. There's really no reason NOT TO these days, since they're just as cheap as the worst junk hardware.

          Well, my reason not to has been that I didn't have a cellphone with data, and I buy most of my APs at yard sales. But now I do (albeit GPRS) so I can look up router compatibility...

    • by AmiMoJo (196126) *

      The problem with buying random routers off eBay is you never know what you are going to get. Linksys are the worst, often having several very different hardware revisions under the same model number. As such you can't be sure if the one you buy will have the chipset you are expecting, and thus be able to run all the exploits you want and so forth.

      For the sake of simplicity I don't think $40 for a guaranteed working and pre-installed solution is at all bad. If you waste an hour with your off-the-shelf router

  • by Hognoxious (631665) on Tuesday August 06, 2013 @12:31AM (#44483595) Homepage Journal

    1.2 Pineapple's

    Their what?

      • the vendor were
      • Ngrep, and more
      • powered by g a 400MHz Atheros
      • by Anonymous Coward

        Not seeing your point about the second one. Comma is optional. That is the problem with prescriptive grammarians - half the time they themselves don't understand the rules they try to force on people.

  • I hope it can be used for evil, because "good" these days amounts to a circle jerk with NSA, DEA debauchery. Your privacy is yours to own, and if other people begin to realize how screwed they are maybe they will choose a better path.

  • by spinkham (56603) on Tuesday August 06, 2013 @01:19AM (#44483723)

    Sure, get your wifi pineapple, but I've already got a wifi pineapple buster [wordpress.com].

  • Old news, they have had wireless devices in coconuts for years. Maybe they are expecting better antenna diversity from the rough end of the pineapple, I dunno.
    See, http://goo.gl/VoirWo [goo.gl]

  • by Tom (822) on Tuesday August 06, 2013 @02:49AM (#44484007) Homepage Journal

    Is this a tool that will be used for good â" or for evil?"

    Both, like any tool. Next question.

  • I don't know anything about this type of device, but looking in from the outside, the question springs to mind "How is this legal?"

    It's for hacking into networks, right? Isn't that against the law, like, EVERYWHERE? It says "Stealth Access Point for Man-in-the-Middle attacks" - that sounds illegal. It also says "Easily concealed and battery powered " - nothing dodgy going on there!

    How can this be used for good? Maybe a few people may use it to test the security of their network, but that's clearly not w

    • by N1AK (864906)
      It's perfectly legal to use it with permission. Now we can debate just how likely it is that it's main market is for people who are only going to use it, with permission, to test security and demonstrate security risks, but it does have a legitimate legal use. Should we be able to ban products because a lot of their use will be to do something illegal? What threshold should we set? How do you observe and measure the proportions?

      Ban it and someone will release a blank version with the ability to download
      • If that's the case, then why not sell bombs in kit form at the show?

        It looks like they sold out because they were ready made and you could just pick one up. I doubt a lot of these people would have got one if they had to research it, buy parts, build it, etc.

        I can understand government and professional organisations having things like this, but not for them to be unregulated and available to buy from a stall. It seems crazy to me.

      • Yes, very good.

        But if the book was actually called a "Terrorist Training Handbook", you might have a point, but the hacking thing is advertised as a device to hide on yourself and to hack with.

  • Retro 2008 (Score:4, Informative)

    by chill (34294) on Tuesday August 06, 2013 @05:19AM (#44484519) Journal

    Wow. This was news when they were released back in 2008. It is interesting to see the devices becoming popular again.

    Back in the day they were demoed by putting the little unit and batteries in a novelty plastic cup shaped like a pineapple. The lid had a hole for a straw that was just the right size for a wifi antenna.

    You can buy those cups on Ebay and in party stores.

That does not compute.

Working...