The Wifi Pineapple is little innocuous looking device should scare the pants off of you; I present the WiFi Pineapple. The Wifi Pineapple has a sole reason for existence; get between your wireless device and the internet. The kicker - you aren’t even going to notice.
The way it works is by laying in wait for your smartphone, table, or laptop to do what it normally does and ask for a connection to wireless networks you’ve used (and saved) in the past. From there the Wifi Pineapple rogers up and says “Yup, I’m that network you trust and use!” From there Pineapple provides a path to the internet so that you don’t take notice, allows a connection to that wireless network your device is configured to trust, then waits.
Then the data gold starts flowing from you to the internet. Your usernames and passwords of your email account(s), bank accounts, social media accounts, and yes even Pinterest. If you want to live with your head in the sand an unknowing and unsuspecting pending victim DO NOT watch the video below. However if you want to know and protect yourself watch in awe the ease of data capture.
Immediate Actions - remove all non-connected saved wireless networks.
For Windows 7 - head to the Network and Sharing Center -> Manage Wireless Networks -> then select the networks you aren’t connected with (Starbucks, that free wifi you foolishly used at the airport (you’ll see why in the video)-> Select remove.
iOS - Only thing available for you is through the General Settings menu -> scroll to the bottom and select Reset -> Select Reset Network (this unfortunately clears all your networks - just understand that there is no ability to remove individual networks).
This Offensive Network Penetration capability only increases the necessity for a Virtual Private Network (VPN) capability to at least somewhat mitigate wireless connections vulnerabilities and thus the ability of the Wifi Pineapple.
Incoming search terms:wifi pineapple, phrasew4u
Booz Allen Hamilton’s Economist Intelligence Unit produced an interesting visualization hub of the G20 countries Cyber Power. This is a fairly interesting concept to consider. The Cyber Power index is targeted at the ability of “G20 countries to withstand cyber attacks and to deploy the digital infrastructure needed for a productive economy.” Now combine this with the relationship of the ability of a country to trust more ultimately appears to lead to a country’s higher GDP (Dr. Virgil Gligor, CMU).
The team also stated that “Cyber Power is created when a complex digital information network is combined with a secure and robust physical infrastructure and developed by a skilled workforce.” Even though the Cyber Power Hub uses a hybrid of quantitative and qualitative scoring the two are fused quite well while focusing on (Highest scoring country):
- Legal and Regulatory Framework (Germany)
- Economic and Social Context (United States)
- Technology Infrastructure (United Kingdom)
- Industry Application (Australia)
The resulting findings paper summarizes down to 5 key items.
- Germany’s Comprehensive Cyber Policies are a key to its success.
- Clear Cybersecurity plans are absent in even some of the major economies.
- Cyber power relies on a solid foundation that includes technical skills, high educational attainment levels, open trade policies, and an innovative business environment.
- Prioritization of Information and Communication Technology (ICT) access is higher in the developed world.
- The G20 countries exhibit limited technological progress within key industries.
Germany really surprised me. I would not have selected them out of the G20 group as the leaders of the legal
and regulatory framework category (99.3/100). Head on over to Amazon to purchase more Cyber Power (if only).
The Department of the Navy Information Technology West Coast Conference starts today. If you are in this area of expertise you need to be listening and aligning yourself toward the initiatives and efficiencies DoN is working to accomplish. If you’re in the area get to the conference and network with your fellow DoN IT types. If you are off in the distance (or working to conserve that DoN budget) check out the Defense Connect Online and Teleconference information available for specific sessions.
Full descriptive schedule of the event is also available. I recommend getting to the Strategic Vision of DoD and DoN session, getting the update on Cybersecurity/IA Workforce Program and understanding the intent on the DoN IT Efficiences Way Ahead.