I think that is a fitting image for this post, because now some clowns have packaged the hardware and software to hack WiFi hotpots and put them into simple, easy-to-use boxes you can buy off-the-shelf (well, off the Internet, at least).
I call this “Hack-in-a-Box,” and there are at least two, and they are colorfully named “WiFi Pineapple” and “WiFi Robin.”
The WiFi Pineapple (with its geeky attempt at marketing: “Same great WiFi Pineapple taste, remarkable savings”) has one and only one purpose: to hack into private WiFi communications.
Here is how they describe it on their website:
Of course all of the Internet traffic flowing through the Pineapple such as email, instant messages and browser sessions are easily viewed or even modified by the Pineapple holder.
WiFi Robin has slightly better graphics, though their English could be improved:
Wifirobin optimized the cracking of WEP encryption, the optimization makes the hack more quickly (sic). Best of all it can also decode, hack, crack, unlock and reveal the passwords of most of the secured connections.
Hacking Toys for Novices
The point is, these products are toys. They have no legitimate use. Previously, the hackers’ tools were developed so network administrators could monitor traffic to help them manage the networks, a real and appropriate use. Unfortunately, the hackers started using an otherwise-legitimate technology for their own nefarious purposes.
WiFi Pineapple and WiFi Robin, though, don’t even pretend to be anything other than hacking devices.
Worse, they bring hacking out of the realm of geeks and allow anyone to use this stuff. In the past, it took at least some level of smarts and technical knowledge to hack WiFi. Now anyone, with or without much intellect, can become a hacker.
Here is what Lisa Phifer, a top security consultant at CoreCom writes:
The Wi-Fi Robin and Pineapple run entirely different attacks, but they both illustrate a trend — commercial push-button automation of attacks that once-upon-a-time required a good understanding of WiFi protocols, software development expertise, and (usually Linux open source) tools. Now all you need is ~$100.
This trend happened for other kinds of cybercrime as well. For example, spammers now rent time on a botnet instead of building or distributing their own trojans. Once tools become commercialized, attack frequency and risk tends to explode.
This is a good reminder to always protect your communications in WiFi hotspots — for example, by using a virtual private network like — Private WiFi or else you could be hacked-in-a-box and not even know it.
Private-i is the official resource center for Private WiFi, an online privacy service for consumers and small to mid-size businesses who use public WiFi hotspots. Private WiFi software encrypts all the data you wirelessly send and receive, protecting your identity and sensitive information from hackers and identity thieves. To learn more about the product and get a free three-day trial, visit privatewifi.com.
Article written by Kent Lawson, CEO of Private WiFi. Private WiFi and Sky-Packets have partnered to provide its client side application to end-users at our public WiFi hotspots.
Sky-Packets: Better Living Through WiFi
Steve Amarante
www.sky-packets.com
