Enjoying That WiFi on the Flight? Welcome on Board the Commjacker’s Party

Dror Liwer Blog

As the chief security officer of a company that prevents commjacking, I know public WiFi is not often safe. But like many other travelers, I enjoy the convenience of free WiFi at airports and hotels so I can be productive when moving around the world. The need to remain connected overrides the dangers.

Recently, though, I nearly suffered the consequences while staying at a hotel. In my room, I tried connecting to WiFi and almost got commjacked. Fortunately, I had Coronet installed on my laptop, and it detected I was about to join a network cloaking itself with the same Service Set Identifier (SSID) as the network I had logged on to earlier in the day during a United Airlines flight. Fully aware that I was now on the ground and not in the air, it was obvious that a commjacker was hoping to lure my laptop — and the laptops and mobile devices of any other unsuspecting guest — to connect to the attack access point.

The commjacker was using one of the most common devices to snatch data in public WiFi environments: WiFi Pineapple.

WiFi Pineapple is a WiFi honeypot that piggybacks on a nearby network and bridges a victim’s traffic and information straight into a commjacker’s hands. While this product’s name evokes images of tropical fruit and the associated feelings of fun and sunshine, in reality it operates in a dark realm of cyber-crime, described as “precision engineered as the ultimate hacker companion.”

In 2015, every single CoroNet employee who traveled abroad experienced a commjacking attempt at least once. We know this because Coronet detects and prevents the attempt. In Venice, London, New York and Singapore, by fake cell towers or malicious WiFi access points, we were all targets – which means, everyone is.

We know we were targets, because we have the detection capability. You didn’t know at one point you were a target, but statistically speaking, the probability that you have been targeted is very high. The probability that you will be targeted is also high.

Pineapple attacks can happen anywhere and to any user who is accessing a public network and not being vigilant of possible threats.

Hacking on Public Networks

You are probably aware of your device’s ability to reconnect. Once you have logged into a network, every time you return to that environment, your device tries to reconnect and log you back in. That’s great when it is a secure private network and you don’t have to reenter your (hopefully complex) password every time you log on. It isn’t ideal, however, for public networks, where a WiFi Pineapple could be waiting.

WiFi Pineapple works by using a method called Karma, which works to find devices and networks by responding to the access point request from a device, deceiving it into thinking it has found the default network it was looking for. This allows commjackers to easily conduct a pineapple attack because you are no longer communicating on a secure website.

When you’ve been hit by a pineapple, it’s easy for commjackers to conduct basic man-in-the-middle attacks that route all data streams their way and enable them to see a user’s emails and Web history, and steal personal data, session cookies and passwords.

Protection from Pernicious WiFi Pineapples

WiFi Pineapple, for sale on the vendor, Hak5, Website for $99, is currently sold out, but will be back on the market soon. The video tutorial on YouTube is easily accessible and already has more than 50,000 views. This all but suggests the increased possibility of a pineapple attack hitting you. If you’re signing into your Facebook account at your local coffee shop, a commjacker seated nearby could be scanning for your device and picking up your traffic. Or like me, you could be at the airport, on a flight or hotel room with thousands of WiFi users, and your data could be compromised.

Had I not had Coronet installed, I would not have been made aware that I was under attempted attack. An experience like mine should serve as a reminder you probably need to rethink your use of public WiFi. Don’t hesitate to take steps to make sure you are protected from WiFi Pineapple.

  • Be careful where you access information. While it is tempting to use public WiFi to complete some work or check Instagram, if you aren’t sure about the security of the network, then don’t use it.  
  • Do not access unsecure public access points. You may be drawn in by the free, easy nature of these networks, but remember that these are the most unsafe environments for hacking and the consequences of being breached are far more difficult and time consuming than simply waiting or paying to access a secured network.

Commjackers are working hard to access your information, so you need to work even harder to keep it out of their hands. I know I will.