What Does Wi-Fi Pineapple Device Mean?

15 July 2019

The affordable ‘Wi-Fi Pineapple’ was first released in 2008 by Hak5, a company that develops tools for penetration testers (ethical hackers).

Its initial purpose was to help penetration testers educate users on how to protect themselves from public Wi-Fi attacks; while concurrently raising awareness about the spoofing and man-in-the-middle (MITM) vulnerabilities inherent in Wi-Fi technology.

Unfortunately, criminals found a way to repurpose the device to facilitate the very attacks it was built to prevent.

Pineapples were created for ease of use; therefore they allow anyone with basic technical knowledge to hack any internet connected device remotely.

The powerful invention has the ability to collect personal data from hundreds of devices simultaneously, while channelling the authentic internet connection so that users are none-the-wiser.

There are two key ways that malicious actors can use pineapple devices to hack your Wi-Fi connection:

The first exploit is known as the wall of sheep, which is essentially a honey trap to persuade users to connect to a copycat access point. Whenever you connect to a new Wi-Fi network, your device saves the network name (SSID) in case you ever need to reconnect in the future.

When you leave the vicinity of that network, your device will constantly broadcast a signal to see if that access point is available to reconnect. It does this for every network you’ve ever joined. The pineapple uses this feature to its advantage by scanning for the SSIDs being broadcast in the area, so that it can use their names to attract previously-connected devices. Once you connect to this fake network, the hacker can view all of your internet activity.

The second method pineapples use is a combination of the ‘man in the middle’ attack and the ‘evil portal’. The pineapple acts as a middle man between the user’s device and the legitimate Wi-Fi network, snooping on the data being relayed between each point.

Subscribe to our latest News & Insights Sign up to our latest  news & insights

In order to make this data legible, the pineapple has to use an ‘evil portal’, which creates a local server on the hacker’s computer to host fake versions of popular websites to capture sensitive data like login and credit card information. The attacker can then reconfigure the pineapple to redirect connected devices to the spoofed pages.

The user will believe that they are communicating directly with the website, when in reality the hacker has full control of their interaction and can modify or delete any data being sent or received.

Why Does It Matter?

As our browsing habits become progressively mobile with the impending introduction of 5G internet, consumers are increasingly vulnerable to pineapple and phishing attacks.

Research has shown that consumers become more lax about cyber security when using mobile devices and forgo their usual precautions in favour of convenience.

Therefore it is more important than ever to pay attention to the tell-tale signs that something is wrong when connecting to Wi-Fi. Using secure, encryption-protected sites that display ‘HTTPS’ and a padlock symbol in the URL bar is a great start.

This encryption makes your internet activity illegible to prying eyes, which limits their ability to use your personal data for insidious purposes. Adding modern website configurations, like HSTS, can also boost your security by blocking any attempts to downgrade your connection from a secure HTTPS protocol to a more risky HTTP one.

Companies should advise employees to avoid using public Wi-Fi where possible, as personal home and work connections tend to be less accessible to hackers.

But if they must connect to a public access point, one way to mitigate the risk is by providing a virtual private network (VPN) that encrypts data, and advising employees to then turn off their Wi-Fi and manually ‘forget’ the network after use to stop their device from constantly seeking reconnection to that access point.



  • Sarah StephensSarah Stephens

    As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

    Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

    Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.

    For further information or to learn more about cyber insurance, contact Sarah Stephens, Head of Cyber, on +44 (0)20 3394 0486.

  • For more articles like this, download our Cyber Decoder

    Share this article