Hackers, The WiFi Pineapple, and Small Business

WiFi-enabled devices are now a part of our everyday lives. Think about it, what isn’t WiFi-enabled in your life? From our cars to our coffee pots, the Internet of Things (IoT) has taken over the world.

Along with the growth of WiFi-enabled devices comes a greater number of entry points for hackers to infiltrate. Smart devices, in many cases, can give hackers what’s known as “backdoor” access to personal information, sensitive data, bank accounts, and more.

Hackers can sneak into your device and steal your information all because you logged into your account(s) on a WiFi network. If your mind isn’t blown yet, wait until you read how they do it.

What Is the WiFi Pineapple?

This isn’t a WiFi fruit salad. This Pineapple is a “middle-man,” so to speak.

Pineapple devices are usually small-discreet boxes with wireless antennas. Those antennas search for access points (AP) or WiFi routers to imitate. Once imitated, they send out stronger signals which prompt your device to select it as your WiFi choice.  

Let’s use Starbucks WiFi as an example. You’re looking for WiFi and notice a strong Starbucks WiFi signal, even though there aren’t any Starbucks around. That could be a Pineapple device imitating a signal that people trust.

Or, even scarier: you’re IN a Starbucks and notice two WiFi networks. One is called “Starbucks WiFi,” and the other is named “Free Starbucks WiFi.” Which one is the real Starbucks WiFi? Connect to the wrong one, and hackers can now monitor your Internet traffic. Once they’re monitoring your Internet, they start collecting your credentials and can send you malicious files.

What It Means for Small Business

While you’re probably not connecting to Starbucks from your office building, hackers can still set up Pineapples to infect your office. Wireless devices are typically set to auto-reconnect to the last network they connected to, and hackers use this to their advantage. They scan office building complexes to see if any WiFi connections have vulnerabilities.

While looking for these vulnerabilities, known as probe requests, hackers can easily see which companies have lax WiFi routers or AP security and imitate those signals. This information allows them to infiltrate your system as you auto-connect to their Pineapple instead of your office WiFi. Now the hacker has access to not only your device but any shared information from your servers as well.

How to Protect Yourself From WiFi Pineapples

The downside: Companies will never be fully secured against WiFi Pineapples. They’re constantly evolving with newer hardware and new attacks. The unfortunate reality with IT security in general is that it’s an uphill battle. There are thousands of security experts worldwide working to stop hackers, but there are just as many (if not more) cyber criminals trying to poke holes in their security barriers.

But that doesn’t mean you shouldn’t try. Not protecting yourself from IT security threats is like leaving your door unlocked because “they’ll get in either way.” Why make it easy for them?

The upside: There are several security defenses that your managed IT service provider can set up to combat hacker Pineapples. It starts with a solid WiFi security process, including the proper router and AP configuration, as well as advanced security tools to prevent your AP and router from responding to the Pineapple’s probe request.

Let’s not forget about mobile users either – and remember, “mobile” doesn’t only mean cell phones. Tablets, POS, and any other “on-the-go” devices count as mobile and should be secured appropriately, as these kinds of devices are more likely to connect to public WiFi. Therefore, public WiFi locations are the most targeted areas and pose the most significant risk to your company’s security.

Wireless is here to stay as the convenience is undeniable. However, as our everyday hardware becomes more powerful, the number of threats targeted at them grows. Talk to your IT service provider about ways to protect your company from these risks.