Secplicity - Security Simplified

Powered by WatchGuard Technologies

HBO’s Silicon Valley Showcased Wi-Fi Man-in-the-Middle Pineapple Attacks

July 5, 2017 By Ryan Orsi

If you’re not watching the American comedy on HBO, Silicon Valley, you’re missing out on some hilarious moments around California’s Silicon Valley area.  The stars of the show are a small group of software developers and a Bay Area startup incubator character named Erlich who form the startup Pied Piper. They take the audience through outrageous experiences only possible in California including VCs throwing millions of dollars at anyone who mutters the letters “VR” together in a sentence, and the idea of “negging” or insulting an investor to raise the valuation of your startup.

Wi-Fi man-in-the-middle attacks go mainstream on HBO

Season 4, episode 9, “Hooli-con” aired a few weeks ago and featured Wi-Fi man-in-the-middle attacks using Wi-Fi Pineapples.  Pied Piper needed a way to trick trade show attendees into downloading their mobile app on their phones when connecting to the conference Wi-Fi.  They thought through trying to hack “the app store” and scratched that off the list due to way too much effort and legal risk.  So what do they do?  Exactly what WatchGuard’s Secure Wi-Fi message has been telling us: use Wi-Fi pineapples placed around the trade show to mimic the real “trade show” SSID and trick people’s phones into connecting to them.  Once connected, the Wi-Fi pineapples display an evil portal splash page that looks just like the real trade show pop-up, but has a button requiring people to download the “trade show app” to access the Wi-Fi.  The app is actually Pied Piper’s app and the trade show attendees are completely unaware they just got Wi-Fi hacked!

Hollywood or Reality?

It’s real: Wi-Fi Pineapples are affordable to anyone online starting at $99. They give you the ability to set up an access point “in the middle,” between the real AP and the victim, and get innocent victims connected. Once a victim is connected, the attacker can see all of the victim’s traffic, steal usernames, passwords, and credit card numbers sent in plain text and, in the case of Silicon Valley, trick victims into installing nefarious apps.

But Websites are Encrypted with HTTPS Right?

Once the attacker has a victim connected, they can even bypass HTTPS encryption on web pages using techniques known as SSL Strip and SSL Split. HSTS (HTTP Strict Transport Security) is an HTTP header that tells the browser that it should only be allowed to connect with HTTPS. HSTS only takes effect after the user has visited a website at least once. This means that if the victim has never visited the site before, their browser would not enforce HSTS and the website could be displayed in plain text HTTP, including all input form text boxes for usernames, passwords, credit cards, etc. SSL strip simply tricks the browser into thinking it’s always the first time a user has visited any website and renders all web pages in plain text HTTP.
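The first-visit behaviour described above can be seen in a simplified model of the HSTS memory a browser keeps. This is an added example, not code from the original article or from WatchGuard; the names `parse_hsts`, `HstsStore` and `demo`, and the host `shop.example`, are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None  # malformed max-age: the whole header is ignored
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """Simplified model of the per-host HSTS memory a browser keeps."""
    def __init__(self):
        self.hosts = {}  # host -> (expiry time, include_subdomains)

    def note_response(self, url, headers, now):
        parts = urlsplit(url)
        # Honoured only on HTTPS responses; over HTTP it could be stripped or forged.
        if parts.scheme != "https":
            return
        policy = parse_hsts(headers.get("Strict-Transport-Security", ""))
        if policy is not None:
            # max-age=0 stores an already-expired entry, which clears the host
            self.hosts[parts.hostname] = (now + policy[0], policy[1])

    def rewrite(self, url, now):
        """Return the URL the browser would request for a typed or linked URL."""
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            # A parent domain's entry applies only with includeSubDomains
            if entry and entry[0] > now and (i == 0 or entry[1]):
                if parts.scheme == "http":
                    return parts._replace(scheme="https").geturl()
        return url

def demo(now=0):
    store, url = HstsStore(), "http://shop.example/login"
    first = store.rewrite(url, now)  # nothing remembered yet: stays http
    hdr = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}  # constructed
    store.note_response("https://shop.example/", hdr, now)
    return first, store.rewrite(url, now + 1)
```

`demo()` returns the URL requested before any policy is stored and the URL requested after one HTTPS response carrying the header; only the second is upgraded to HTTPS.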

The Wi-Fi man-in-the-middle attacks didn’t go exactly according to plan when the trade show Tactical Review Team (TRT) suspected Wi-Fi Pineapples at play and did a full sweep of the floor with high-powered antennas designed to pinpoint the pineapples. The pineapples were indeed located and plucked out one by one. The TRT people are doing the job of Wireless Intrusion Detection (WIDS) with their eyes, high-powered antennas, expensive RF equipment, and batteries in their backpacks. WatchGuard’s access points managed by the Wi-Fi Cloud do the detection job of these TRT people in seconds, 24/7/365 and don’t require food, water, bathroom breaks, or a salary. Instead of physically pulling the Wi-Fi pineapples out like dead rodents as they did in the show, our patented Wireless Intrusion Prevention System (WIPS) technology in our APs neutralizes the pineapples automatically.

Conclusion

Wi-Fi man-in-the-middle attacks are alive and well today and affect consumers of Wi-Fi service around the world.  Make sure to think about the legitimacy of what information splash pages are asking of you and ask if WIPS is being used in the Wi-Fi network you’re connecting to.

Links

  • WatchGuard Wi-Fi Cloud
  • WatchGuard’s Wi-Fi Man-in-the-middle Attack Demo
  • Season 4, episode 9 re-cap
  • Season 4, episode 9 YouTube short clip
