Shared posts

10 Nov 16:48

55" x 24" Banti Electric Height Adjustable Standing Desk w/ Hooks (Maple) $115 + Free Shipping

by SkillfulPickle7720
BANTI via amazon [amazon.com] has 55" x 24" Banti Electric Height Adjustable Standing Desk w/ Hooks (Maple) on sale for $115. Shipping is free.

Product Features:
  • Side hooks
  • 3 Preset buttons
  • Height adjustable from 28.3" to 45"
  • Under 55 dB while running
  • 176lbs weight capacity
28 Jul 13:57

Hak5 WiFi Pineapple Mark VII: A Comprehensive Toolset for Wireless Network Security Testing and…

by Jason Yee

Hak5 WiFi Pineapple Mark VII: A Comprehensive Toolset for Wireless Network Security Testing and Penetration Testing (Part 2)

Part 2: WiFi Pineapple Modules, Tips & Tricks, and Concluding Notes

Modules

WiFi Pineapple modules are software components that can be installed on the device to extend the router’s functionality and perform specific tasks. They can be thought of as plug-ins or add-ons that enhance the device’s capabilities.

Screenshot of Hak5 WiFi Pineapple Modules.

There are many modules available for the WiFi Pineapple, including modules for performing reconnaissance, sniffing traffic, cracking passwords, spoofing MAC addresses, and more. These modules can be installed and configured via the web interface of the device, making it easy to customize the WiFi Pineapple for specific testing scenarios.

Examples of Modules

Evil Portal

Evil Portal establishes a false captive portal to perform phishing attacks against WiFi clients, either to obtain credentials or to infect the victims with malware.

The Evil Portal module can be modified to emulate other websites, portals, or platforms, such as the login pages of Starbucks and McDonald's, to obtain credentials. Examples of these portal duplicates can be found here: https://github.com/kleo/evilportals

Once a client tries to connect to your PineAP, they will be prompted with a portal that emulates a company or organization login page.

When the client enters their credentials, the information will be recorded in a log file, including their entered email and password, as well as their MAC and IP address.

MDK4

MDK4 is a Wi-Fi testing tool that injects frames on several operating systems. It uses the osdep library from the aircrack-ng project.

Included in MDK4 are numerous attack modes, and below are 3 prevalent examples:

  • Authentication Denial of Service — Prevents users from accessing network services. ADoS attacks aim to overwhelm the authentication system with a flood of authentication requests, making it difficult or impossible for legitimate users to authenticate and access the service.
  • Beacon Flooding — Beacon flooding is a type of wireless network attack that involves flooding an area with fake beacon frames, also known as “probe responses,” to trick wireless clients into connecting to a malicious access point (AP). The attack works by broadcasting fake beacons that appear to be from legitimate APs, in an attempt to lure wireless clients to connect to the attacker’s AP instead of the legitimate one.
  • Deauthentication & Disassociation — Sends de-authentication and disassociation packets to stations based on data traffic to disconnect all clients from an AP. This type of attack works by exploiting a vulnerability in the 802.11 wireless protocol, which allows wireless devices to disconnect from a network by sending a de-authentication frame. By sending a large number of de-authentication frames, an attacker can force wireless clients or APs to disconnect from the network.

HCXDump

HCXDump is a tool that can be used for capturing WPA handshakes from Wi-Fi networks, as well as running multiple tests to determine whether Wi-Fi access points or clients are vulnerable to brute-force attacks. HCXDump works through beacon and probe response testing to analyze responses and vulnerabilities. It can also be done using association testing and de-authentication testing for further

After completing a scan, the module creates a .pcap file automatically, which can be opened with third-party tools, like Wireshark, to perform additional analysis on the network.

TCPDump

TCPDump is a tool used for network traffic analysis and packet capture. It is available on most Unix-based operating systems and is commonly used by network administrators and security professionals to monitor and troubleshoot network issues. TCPDump captures packets in real time and displays them on the command-line interface, allowing users to analyze network traffic and identify potential security threats.

Like HCXDump, the module creates a .pcap file automatically after completing a scan, which can be opened for further analysis of the network.

Real-Life Use Cases of the Hak5 WiFi Pineapple

The Hak5 WiFi Pineapple is a powerful tool that can be used for wireless network penetration testing and security auditing. One use case is on-site network security testing in physical locations such as offices and workplaces, where the WiFi Pineapple can test the security of wireless networks by simulating various attacks, such as man-in-the-middle attacks, rogue access point attacks, and password cracking attacks. Another is security research: researchers can use the WiFi Pineapple to study wireless network security and protocols, possibly developing new security tools and techniques.

Furthermore, the information obtained from using the WiFi Pineapple can be invaluable for organizations in providing their clients with the necessary information to prevent potential attacks. For example, if the WiFi Pineapple identifies vulnerabilities in a client’s wireless network, the organization can use this information to educate the client on the importance of strong passwords, encryption settings, and other security measures. Additionally, the WiFi Pineapple can simulate attacks on the client’s network, demonstrating the potential risks and consequences of a security breach. This can help the client understand the importance of maintaining strong security practices and investing in security solutions to protect their network.

💡 7 Tips & Practices for Real Field Testing

Obtain Permission

Before conducting any testing with the WiFi Pineapple, obtaining permission from the network owner or administrator is essential. Unauthorized testing can lead to legal consequences.

Use in a Controlled Environment

It is recommended to use the WiFi Pineapple in a controlled environment, such as a lab or testing environment, to minimize the risk of affecting other networks or devices unintentionally.

Conduct a Risk Assessment

It is important to conduct a risk assessment before using the WiFi Pineapple to identify potential risks and develop a plan to mitigate them.

Use Proper Network Segmentation

It is essential to ensure that the WiFi Pineapple is properly segmented from other networks to prevent unauthorized access.

Keep the Firmware Updated

It is recommended to keep the WiFi Pineapple firmware updated to ensure that it is protected against the latest security threats.

Use Encryption

Whenever possible, it is recommended to use encryption to protect the data being transmitted between the WiFi Pineapple and other devices.

Document Everything

It is important to keep detailed records of all testing activities, including the tools used, the methods employed, and the results obtained. Features of the WiFi Pineapple, such as the reports generated by Campaigns, can help with this.

Strengthening Your Digital Devices Against Attacks and Interceptions

In an increasingly interconnected world, the threat of WiFi Pineapple attacks looms large. These malicious activities exploit vulnerabilities in WiFi networks, allowing attackers to intercept and manipulate network traffic. However, there are proactive measures you can take to fortify your digital fortress and protect against these insidious attacks.

First and foremost, ensure that your network is secured with robust encryption, such as WPA2 or WPA3, to make it harder for attackers to breach your defenses. Implementing a wireless intrusion detection system (WIDS) or wireless intrusion prevention system (WIPS) can provide an extra layer of security by monitoring your network for any signs of suspicious activity, including rogue access points and evil twin attacks.
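
The kind of checks a WIDS runs for the rogue access point, evil twin and frame-flooding activity described in this article, written as an added example (it is not code from the original article or from any WIDS product). The record format, the `KNOWN_APS` inventory, the thresholds and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed inventory: SSID -> (BSSIDs of the organisation's own APs, expected security).
KNOWN_APS = {"CorpWiFi": ({"02:00:00:aa:00:01", "02:00:00:aa:00:02"}, "WPA2")}
WINDOW = 10.0                             # sliding window in seconds (assumed)
DEAUTH_LIMIT, NEW_SSID_LIMIT = 20, 30     # per-window thresholds (assumed)


def _trim(times, now):  # drop timestamps that fell out of the sliding window
    while times and now - times[0] > WINDOW:
        times.popleft()


def analyze(frames):
    """Return time-ordered (timestamp, alert, subject) tuples for frame records."""
    alerts, flagged = [], set()
    deauths = defaultdict(deque)        # bssid -> recent deauth/disassoc timestamps
    new_ssids, seen = deque(), set()    # first-sighting times of new SSIDs
    def raise_once(ts, alert, subject):
        if (alert, subject) not in flagged:
            flagged.add((alert, subject))
            alerts.append((ts, alert, subject))

    for f in sorted(frames, key=lambda f: f["ts"]):
        ts, bssid = f["ts"], f["bssid"].lower()
        if f["type"] == "beacon":
            ssid = f["ssid"]
            if ssid in KNOWN_APS:
                allowed, security = KNOWN_APS[ssid]
                if bssid not in allowed:
                    raise_once(ts, "evil_twin", bssid)          # our SSID, foreign radio
                elif f["security"] != security:
                    raise_once(ts, "security_mismatch", bssid)  # our BSSID, wrong security
            if ssid not in seen:
                seen.add(ssid)
                new_ssids.append(ts)
                _trim(new_ssids, ts)
                if len(new_ssids) > NEW_SSID_LIMIT:
                    raise_once(ts, "beacon_flood", "*")
        elif f["type"] in ("deauth", "disassoc"):
            times = deauths[bssid]
            times.append(ts)
            _trim(times, ts)
            if len(times) > DEAUTH_LIMIT:
                raise_once(ts, "deauth_flood", bssid)
    return alerts


def sample_frames():
    """Constructed records, not a real capture."""
    good = {"type": "beacon", "ssid": "CorpWiFi", "bssid": "02:00:00:aa:00:01", "security": "WPA2"}
    frames = [dict(good, ts=0.0), dict(good, ts=0.1, bssid="02:00:00:ff:00:09", security="OPEN")]
    frames += [{"ts": 1 + i * 0.05, "type": "deauth", "bssid": "02:00:00:AA:00:01"} for i in range(40)]
    frames += [{"ts": 5 + i * 0.01, "type": "beacon", "ssid": f"free-{i}",
                "bssid": f"02:00:00:bb:00:{i:02x}", "security": "OPEN"} for i in range(50)]
    return frames

if __name__ == "__main__":
    print(*analyze(sample_frames()), sep="\n")
```

Each alert is raised once per subject, so a sustained flood produces a single entry rather than one per frame. The thresholds need tuning to the site, since a busy office sees some deauthentication frames and new SSIDs in normal operation.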

Regularly updating the firmware and software of your network devices, such as routers and access points, is crucial. These updates often contain patches that address known vulnerabilities, making it harder for attackers to exploit them. Additionally, consider using a virtual private network (VPN) when connecting to public or untrusted networks. A VPN encrypts your internet traffic, making it significantly more challenging for attackers to intercept and manipulate your data.

Education plays a vital role in defending against WiFi Pineapple attacks. Train your users to exercise caution when connecting to WiFi networks, emphasizing the importance of verifying network names and using secure connections whenever possible. Disabling automatic network connections on devices can also prevent unintentional connections to rogue access points.

Conducting regular network audits and security assessments is essential to proactively detect and address any vulnerabilities or signs of unauthorized access. By staying vigilant and implementing these robust security measures, you can fortify your WiFi network against WiFi Pineapple attacks and ensure the safety of your digital communications.

Conclusion

To sum up, the WiFi Pineapple is a highly effective tool that can be used for wireless network security testing and penetration testing. It can simulate various types of attacks, monitor network traffic, and identify potential security threats. The WiFi Pineapple is a valuable tool for network administrators and security professionals who need to ensure the security of their wireless networks. However, it should only be used ethically and for legitimate purposes, as unauthorized use of the device can lead to legal consequences. With proper use and implementation, the WiFi Pineapple can help identify vulnerabilities and improve the overall security of wireless networks, potentially preventing security breaches and protecting against malicious attacks.


Hak5 WiFi Pineapple Mark VII: A Comprehensive Toolset for Wireless Network Security Testing and… was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

14 Aug 16:17

This Week in Security: DEF CON, Intel Leaks, Snapdragon, and A Robot Possessed

by Jonathan Bennett

Last weekend, DEF CON held their “SAFE MODE” conference: instead of meeting at a physical venue, the entire conference was held online. All the presentations are available on the official DEF CON YouTube channel. We’ll cover a few of the presentations here, and watch out for other articles on HaD with details on the other talks that we found interesting.

Lock Picking

We don’t often dabble with physical security in our weekly roundup, but the lockpicking track is a big part of DEF CON. It’s a perfect excuse. So first up is a presentation about safe-cracking by [Jared Dygert]. You know the scene in the movie where the super thief cracks the safe by listening to it as he spins the dial? Yeah, forget that. The real technique doesn’t have anything to do with sound. A typical three-number combination safe has a trio of wheels inside the locking mechanism. Each of these wheels has a narrow slot, or gate, cut into it. When the three gates are lined up, the locking bar can fall into the slots, and a fourth wheel pulls the lock open.

That fourth wheel is the key to cracking a safe, as the locking bar rides directly on the outer surface of that wheel. The gate there is shaped differently from the others, with a curved edge on one side. It’s possible to feel exactly when the locking bar begins to drop into that gate. Because of the shape of that special fourth gate, it’s possible to measure the width, and by extension discover how far the locking bar has dropped. As the three wheels with unknown gates aren’t perfectly the same size, it’s possible to map the surface of the largest wheel and discover where the gate is. For a demonstration, watch the video linked above.

It’s hard to mention lock pickers without giving a shout-out to a pair of YouTubers, [Bosnianbill] and [LockPickingLawyer]. I came across a video this week from the lawyer of this dynamic duo, and it’s the most polite-yet-savage burn I’ve seen in a long while. Before you watch, know that the tool he uses is the Sparrows Disk Pick, and he and [Bosnianbill] worked together to design and beta test the tool.

A Dragon’s Achilles Heel

Snapdragon processors are quite popular in high end Android devices. These processors are packaged in a System on a Chip (SoC), which really contains a number of processors and devices. A Snapdragon SoC has a processor, GPU, Wifi modem, Image Signal Processor, and Digital Signal Processor. We talk a lot about security vulnerabilities in the software that runs on the CPU. What if I told you there were vulnerabilities in software running on those other processor cores, too? Well yeah, there will obviously be poorly written code there too. What hasn’t been obvious is how to find those vulnerabilities, and then how to attack them. Now, thanks to the researchers at Checkpoint Security, and their work on Achilles, we know a way to attack the dragon’s heel.

When an app needs to use the Snapdragon DSP, it invokes a serialization library, referred to as a stub.so file. Once the data is serialized, it is transferred to the DSP over shared memory, using the DSRPC driver. Along with the data to be processed, the application also sends along the processing library. This library is essentially the program that will run on the DSP. There is a code signing requirement. The DSP will only run code that has been signed by Qualcomm, but there is no version checking or revocation mechanism. In essence, any DSP library Qualcomm has ever signed is allowed to run on every DSP. To make matters worse, an Android app can access the DSP with no special permissions. Even if only one vulnerable DSP library were created, the weak code-signing scheme means that every Qualcomm DSP is vulnerable.
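
The gap described above, a signature check with no version check or revocation, shown next to a loader policy that adds both. This is an added example, not code from the article, Qualcomm or the researchers: HMAC-SHA256 stands in for the vendor's signature, and the library name, versions, key and policy inputs are hypothetical.

```python
import hashlib
import hmac

# HMAC-SHA256 stands in for the vendor's asymmetric signature so the example
# runs with the standard library only; key and library contents are constructed.
VENDOR_KEY = b"constructed-demo-key"


def sign(name, version, code):
    """Vendor side: the signature covers name, version and a digest of the code."""
    msg = f"{name}|{version}|".encode() + hashlib.sha256(code).digest()
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()


def make_lib(name, version, code):
    return {"name": name, "version": version, "code": code, "sig": sign(name, version, code)}


def signature_ok(lib):
    expected = sign(lib["name"], lib["version"], lib["code"])
    return hmac.compare_digest(expected, lib["sig"])


def load_signature_only(lib):
    """The policy the article describes: anything ever signed is accepted."""
    return "accept" if signature_ok(lib) else "reject: bad signature"


def load_hardened(lib, min_versions, revoked_digests):
    """Signature check plus a per-library version floor and a revocation list.

    min_versions and revoked_digests are assumed to arrive with security
    updates through a channel the application cannot write to.
    """
    if not signature_ok(lib):
        return "reject: bad signature"
    if hashlib.sha256(lib["code"]).hexdigest() in revoked_digests:
        return "reject: revoked"
    if lib["version"] < min_versions.get(lib["name"], 0):
        return "reject: below version floor"
    return "accept"


# Constructed libraries: v1 has a known flaw, v2 is the fixed build.
OLD = make_lib("libexample_skel.so", 1, b"vulnerable build")
NEW = make_lib("libexample_skel.so", 2, b"fixed build")
TAMPERED = dict(NEW, code=b"fixed build + patch")   # signature no longer matches

if __name__ == "__main__":
    floor = {"libexample_skel.so": 2}
    revoked = {hashlib.sha256(OLD["code"]).hexdigest()}
    print("signature only, old build:", load_signature_only(OLD))
    print("version floor, old build: ", load_hardened(OLD, floor, set()))
    print("revocation, old build:    ", load_hardened(OLD, {}, revoked))
    print("hardened, new build:      ", load_hardened(NEW, floor, revoked))
    print("hardened, tampered build: ", load_hardened(TAMPERED, floor, revoked))
```

Under the signature-only policy the old build is accepted even after a fixed build exists, which is why shipping fixed libraries alone does not close the hole.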

A few articles are suggesting that a malicious video or audio file downloaded from the net can trigger the vulnerability. This is incorrect. So far, only an application with direct access to the DSP can launch the attack. During the virtual press conference on Thursday, this was addressed by a Checkpoint researcher. While it’s theoretically possible for a video file to trigger a yet-to-be-found vulnerability, the flaw they found is a deserialization bug that is only triggered by a malicious serialization process. This means data processed using the official serialization process can’t trigger this vulnerability. The deserialization bug is actually rooted in the Software Development Kit that is distributed to OEMs and used to build the individual libraries. To put it simply, it’s not just one or two DSP libraries that are vulnerable, but all of them, which is where the “400 vulnerabilities” comes from.

Once a malicious application uses the vulnerability to break the deserialization routine and achieve code execution, what’s next? Qualcomm did at least do proper user/kernel separation, and an additional vulnerability is needed to escalate privilege up to full compromise. Once there, the primary threat is data leakage. The malware on the DSP can examine all the data that other applications share for processing. This likely means full access to the device’s microphone, and potentially the camera when it is in use. I was able to ask Checkpoint if they had managed to permanently modify the DSP’s firmware, as this sort of modification could survive through even a full factory reset. Their response is that they had investigated this question, and had been unable to make a permanent modification. This isn’t surprising, as firmware of this nature is often not stored on the SoC itself, but is loaded from the main system flash memory as a part of the boot process.

So far, this set of vulnerabilities doesn’t pose a huge risk to the everyday user. The normal advice of not installing untrusted applications is still the best solution. The major danger here is that DSP malware could be used by an installed application to access the microphone audio without having any permissions. The process of fixing this set of vulnerabilities will be a headache for years to come. Not only will the individual vulnerable libraries need to be updated, the signing problems will need to be addressed so vulnerable libraries can’t be trivially executed. It does not appear that any fixes are available at this time.

For your viewing pleasure, one of the other excellent talks from DEF CON is below, where [Christopher Wade] dives deeply into firmware hacking, primarily on Android devices.

Intel Leaks 20 GB

A very large dump of Intel code and documentation was made public last week. The official Intel explanation is that a partner or customer must have abused their access to Intel’s “Resource and Design Center”, and leaked the documents from there. According to ZDnet’s coverage, though, the leaker claims to have found the documentation on a CDN server that wasn’t properly configured.

Regardless, the leak seems to be genuine. Time will tell what interesting tidbits are contained in the 20 GB that were just released. As the information is all marked confidential, there is a bit of a legal grey area as to what programmers are allowed to do with the information.

Robot Exorcist?

And finally, just for fun, researchers at McAfee found a set of vulnerabilities in the “temi” teleconference robot. In a surprisingly detailed write-up, they describe how an attacker can possess the robot without any valid credentials, use it to drive the robot around and spy on whatever is nearby. McAfee researchers have shared all their findings with temi’s vendor, and fixes are already available.

01 Mar 21:59

Prufrock Next-Generation Tunnel-Boring Machine Is Working — Somewhere

by Steve Hanley
Prufrock, the third generation tunneling machine from The Boring Company, has begun working somewhere in the world. But no one knows where.
07 Oct 19:26

Scratch for Arduino Makes Programing the Arduino More Visual

by Thorin Klosowski

Windows/Mac/Linux: Programming an Arduino isn't especially difficult, but if you're looking for a more visual method, Scratch for Arduino (S4A) uses MIT's Scratch as a groundwork for teaching kids (or beginners) how to program an Arduino.

14 Aug 16:59

Fun Googlemaps easter egg lets you follow Streetview into Dr Who’s TARDIS

by Ben Lovejoy

Google’s Streetview has taken us to some pretty interesting places lately. We’ve had the world’s tallest skyscraper, the Eiffel Tower, a Bond villain’s lair and a trek up to the top of Mount Fuji, but this is the first time we’ve been able to visit other dimensions – with a wander around inside Dr Who’s TARDIS.

Start here, outside London’s Earls Court tube station, then follow the instructions below the fold … 

Alongside the usual Streetview forward-arrow, you’ll see a double arrow pointed towards the Police box. Click that, and you’re inside the TARDIS. You can then use the usual arrows to explore the interior.

Dr Who geeks will observe that the Police box is the real thing, rather than the TARDIS which differs in several small details.

Via TechCrunch

