How to Protect From Wifi Hacking Tools?

For this discussion I am referring specifically to the Wifi Pineapple: http://hakshop.myshopify.com/collections/frontpage/products/wifi-pineapple. Basically it takes advantage of the automatic connect feature in Windows that remembers your home wifi password and automatically connects when you turn your computer on and it sees your router. When you have your password and connection saved and a Wifi Pineapple is in range you will connect to it instead and all your traffic can be sniiffed etc. A man in the middle attack. My question is how can someone defend against this? I guess someone could manually connect to there home wireless network every time and type in the password to avoid this. What other solutions are there? I am also guessing if you are using a VPN it would not even matter if you were connected to a Wifi Pineapple because your traffic would be encrypted correct? I am also curious if linux is susceptible to this device as well.

So as I see it the only defenses are...
1. A VPN with encryption
2. Typing your password in and manually connecting every single time.

Any other ideas?

I also was reading about another device called the Wifi Robin: It claims to "crack" wifi networks so you can use them. Im guessing it can crack wep since it is easily cracked with something like Backtrack. As far as WPA I don't believe it can. It may try to preform some sort of Brute force attack but that would be it. From the website for Wifi Robin:

Im guessing a more correct answer for WPA would be. "It may never crack WPA if the password is strong enough"

 

reading their faq although a useful tool to some it seems better suited for open networks
hakshop.myshopify.com/pages/item-faq

 

Not sure what makes you think that from the faq. From my understanding it does not matter if you have WPA enabled or not on your wireless router. The pineapple has nothing to do with cracking the wireless key. It simply causes the computer who has networks set to automatically connect to connect to the pineapple instead of the router. This would have nothing to do with a network being open or having WPA enabled. This device exploits a Windows flaw not a router flaw. Unless I am missing something? Looking over the faq now..

Example:

You are at home lets say. You are connected to your internet at home wirelessly. You run a wifi pineapple plugged into your computer with a Ethernet cable. Your neighbor turns on his computer it goes to connect to his secure WPA router but instead it connects to the wifi pineapple. Bingo you have him using your internet but you can now read his traffic.

Im wondering if it will work as I described above? That seems to be my understanding but maybe the computer would connect to the REAL router instead of the pineapple?

 

It creates a hotspot and doesnt have to be windows if you have anything that auto associates it will allow you to connect. It also performs a simple ARP Cache Poisoning attack to redirect traffic to it on open networks. I see it being no different than setting up a rouge AP.

Though no if your windows is configured to connect to your home encrypted by wpa2 it will not just simply redirect you. That being said it is very easy to deauthenticate users from routers, someone could force you off your home router with a simple deauth packet DOSing and can reconnect you to a rouge spoof that they set up. Obviously this would have to be a targeted attack and out of the scope of your question, however it is the only way I see someone forcing you to a hotspot AP without your knowledge from an encrypted AP.

 

Tin Foil?

There is no way to protect an access point from being hacked.

If you want protection, use LAN

 

This is incorrect the WiFi pineapple only works against Open networks. The victim would have to be auto-connecting to an AP with no protection. The way Jasager works is it broadcasts an AP that has no password. If it had a password it would need to know the victims WPA Password ahead of time other why's it would not be able to connect.

One way to protect your self would be using http://www.irongeek.com/i.php?page=security/decaffeinatid-simple-ids-arpwatch-for-windows

It works well and alerts you if the mac address of the router changes.

 

That goes for any network. Wireless can be locked down if a user takes their time to set it up correctly.

 

Thanks for the info. I have alot better understanding of how this works now.

 

There are 3 essential things you need to worry about pertaining to protection from Wifi hacking.

■ Weak security mode
Ensure that your wifi router/AP using the latest WPA or WPA2 encryption. Reject WEP because WEP is more easily crackable - in fact there are ready-made software and device that can be purchased.
■ Man in the middle attack including wireless packet sniffing
This applies to your computer security settings whether your firewall and ports are immune against MAC address spoofing or ARP attack. A successful man in the middle attack can intercept vital packets and disguise itself as your computer and gain access to your network/internet.
■ Bad password
Avoid using short or easy to guess passwords. In fact, this is the first and last line of defense when anything else goes in favor of a hacker.

 

I was also wondering how the "pineapple" dealt with WPA/WPA2 and the answer is it doesn't. This MITM attack only works on open WiFi. Protecting against it is simple; for a home router set a strong WPA/WPA2 password, for open WiFi networks using a VPN. There are a number of free, easy to use VPNs for computers that are perfect for use at cafes, restaurants, etc. Unfortunately there are no free choices for Android smartphones yet AFAICT.

 

Could you elaborate on how someone might know if their firewall and ports are immune against MAC address spoofing or ARP attack. Also would browsing with an VPN service using openvpn (not pptp) like strong vpn insulate me from man in the middle attacks? Lastly I checked out DecaffinatID from x942s earlier post and it looks interesting, but if I am connecting through a VPN service, should I be concerned?

 

The user who posted about the Mitm attack was wrong to some degree as ARP prevention will not be mitigated at the local level. That type of attack would involve ARP poisoning. Where in simple terms a rouge user redirects traffic to their computer where it can be intercepted and monitored.

While there is no fix it for ARP poisoning due to networking protocols, you can mitigate the risk by encrypting your network, using static ARP entries, and keeping an eye on who has access to your network. Additionally if you are technical you can install a radius server and authenticate users and AP alike.

Both ARP prevention and MAC monitoring will need to be done at the network level.

A VPN, SSL, or SSH tunnel will encrypt your packets of the local area network and prevent an attacker from sniffing them. They can see your packets, just not useful information. Hope this helps

 

Thanks for the explanation EncryptedBytes. This is a really interesting topic and I think I need to read up more on it. But from the standpoint of making sure I'm doing my due dilligence to protect my data today, am I fine if I use a decent paid openvpn provider, along with wep2 and long password (20+ mixed alpha-numeric special) which I change periodically? Or is there more I should do? Also not that it comes up that often, but is just having a vpn service good enough at a public spot like Starbucks or an airport?

 

You said "wep2" but I expect you meant WPA2. A 20+ alpha-numeric password is very strong IMHO. Remember the password for accessing the router settings too (I believe there's a thread here somewhere about configuring routers for optimal security).

I believe it's enough to protect against hackers sitting around snooping. They're going to focus on all the systems connected in the clear. Still, I protect my Lastpass account and bank site with dual authentication.

 

The password for accessing the router should be changed but you can only access that webpage when you're already connected.

 

You are absolutely right -- thanks for correcting me on that. Also thanks to you and HungryMan for your replies.

 

Also, if you're using WPA1 instead of WPA2 because of compatibility issues for example, be sure to use WPA-AES instead of WPA-TKIP, as with TKIP it's almost as easy to bruteforce as WEP.

 

Where are you getting this information? TKIP is perfectly secure as long as you change the SSID and use a strong password ~16 chars or longer.

The only way to attack WPA or WPA2 (TKIP or AES) is by bruteforcing the password (from a captured 4 way handshake). Dictionary attacks are faster than brute forcing directly but don't work if my password is complex, Rainbow Tables only work against unchanged SSIDs and short passwords.

The only REAL attack against WPA is that TKIP does have a small vulnerability where if you have QOS (Quality of Service enabled) it is possible to leak information and allow and attacker to break WPA. That said disable QOS and problem solved.

WPS is another attack but that is technically a side-channel attack and doesn't attack WPA as a whole.

All together it is good advise to use WPA-AES (CCMP) but still TKIP is not as easily cracked as WEP. WEP takes ~30 seconds to break. WPA in any mode is stronger than that.