>>Dude, there was a lot of great things about doing the show, Hacking the System. And we did that segment
on the WiFi Pineapple, and the biggest bummer is that we went to such lengths to make sure that even if somebody went frame by frame, everything was accurate and correct.>>It was legitimate hacking code.>>Right? And then,
of course the comments are like, “They showed a screen and typing and said the word ‘hacking’,
and therefore it’s bogus.”>>Darren, from Hak5,
went out of his way at DEF CON this year to tell me.
“No, no, it was all real. I assure you.”
>>Every single bit of it was exactly accurate represented. Which to be honest, makes
me want to flip the table and go full NCIS on this. [laughs] Like why bother to
present anything accurate? Just bash keys and be like,
“Hack, hack! We hack.”>>I love that you’re idea of hacking is basically pretending to be a cat. [hysterical laughing] [to the tune of Keyboard Cat]
♪ Do, do, do, do… do do-doo do. ♪ [light vinyl static]
♪ ♪>>robot voice:
Using the WiFi Pineapple.>>All right, we’re
here with Shannon Morse from Hak5 and TekThing. Shannon, thanks for joining us.>>Thanks for having me.>>Dude, my favorite segment
we did on Hacking the System was the one about the WiFi Pineapple. And now, this will be the first time I actually get to experience first hand interacting with one.>>This thing just looks dangerous. This is the WiFi Pineapple.>>SHANNON: Yes.>>It looks like something
that should not be near any of my technology.>>One of my favorite
things that had happened at DEF CON was where our friend, Glitch, came up and showed us,
opens up a case and there is a drone with
a WiFi Pineapple built in.>>Awesome, so awesome.>>For the uninitiated,
what is a Pineapple?>>So the WiFi Pineapple is basically a hot spot honey pot and
it’s a man in the middle attack for wireless.>>That sounds like the sexiest
porno I’ve ever heard. [laughter] [through laughter]
>>The hot spot honey pot man in the middle.>>You know, I could say
that it is techno lust. [laughter]>>Give us some more
appropriate terms we can Google. [hearty belly laughs] Because if I run that through the Google…>>I’ve never thought about that,
but you’re probably right. [laughter]>>One thing that I noticed
about what you just said, is you used a lot
of terms that are common to confidence games, and scams,>>Yes.
>>-man in the middle, honey pot, things like that. And so, a lot of cross over there.>>Yes, definitely.
>>Tell us how this works.>>So you know how whenever you go home or you go to a place that
you’ve connected to previously, your phone automatically
connects to whatever known network is out there?
[Jason’s vocalized affirmation] Well, the WiFi Pineapple is going to play a man in the middle to
that kind of scenario. So whenever you’re going
out with your device and your device is
looking for some network that you’re familiar with already, like your home network Brian.
>>Right.>>It’s like, Brian’s home network; you go home, your phone automatically
starts sending out these pings all over
the place, looking for this home network.>>And I assume, your phone, as long as you have WiFi turned on, your phone is constantly saying like,
“Hey, where’s home WiFi?”>>It is, yeah.
>>”Are you home WiFi? Are you home WiFi?” And then the Pineapple says,
“Yeah, that’s me.”>>Yeah, you may be far, far away from home and you’re looking for Brian’s home WiFi and then my WiFi Pineapple hears you say “Brian’s home WiFi,”
hears your device say it. And then it replies back and it says, “Oh, that’s me! You should connect to me.”>>Okay, so at that point, I would imagine by itself, you would just be connected to a node, and you wouldn’t
be connected to the Internet. But because we said man
in the middle, I assume we’re saying that this is the connection
>>Exactly.>>and it just relays everything. And so what? [stammers]
You can save all the data that goes through. You can watch everybody do everything… as they’re doing it?>>Oh yeah.>>That’s a sinister smile
of a hot shot honey pot. [evil laugh]>>Does it connect automatically? Or does it say, “Oh, this is Brian’s WiFi” and you say yes, I want
to connect on that. How do you get deceived exactly?
>>SHANNON: No, I– So one of the
really fun things with this is I can go ahead and
start up a little device called Pine A-P. And this is going to track
all of the different pings that’s happening in the
wireless all around us. So if your phone is looking
for coffee shop WiFi and yours is looking for
Brian’s home network WiFi then it’s going to pick on both of those. We call them SSIDs; so
this is an identification for the access point.>>SSID is what the WiFi hot spot announces itself to be right?
>>Exactly, yeah.>>Whenever you pick a
silly name for it, got it.>>Yeah, and any time it sees it, it’s going to add it to this awesome little pool that I have currently
tracking what’s going on in the WiFis around us.>>BRIAN: Wait a minute, hold on,
let me get my phone. So if I turn on WiFi right now…>>Okay.
>>There we go. And it says,
searching for WiFi networks. Is it giving you anything
right now of interest?>>Let’s see, T-Mobile wing man.>>No, that’s not me.>>OTA, there’s a lot in here.>>BRIAN: Wow, there’s awful lot in here.>>SHANNON: Starbucks,
so these are all different SSIDs that your phone is currently
trying to connect to. It’s things that your phone has previously connected to in the past
and it’s looking for those.>>I would imagine that if you
just left the Pineapple on, especially in a busy area,
everybody’s phone is constantly saying, like
“I’m looking for this WiFi.”>>Now–>>They’re shouting out, who they’re–
>>Ooh. If you set this up in a city, you can get hundreds in your SSID pool, it’s crazy.
>>[hushed tone] Holy cow.>>Now are these just phones and laptops or do you have like IOT devices on here as well?>>Oh yeah, IOT devices, if
those are sending out pings, I’ll pick those up too.
>>Everything?>>I’ll pick up tablets, laptops…
>>Anything looking for a WiFi.>>JASON: Wow.
>>Yeah, your desktop computer. If your camera has WiFi turned on and is
pinging for an access point, it’ll find that too. And I should preface
this by saying of course you know Hak5 sells this product and we don’t condone using
it for illegal purposes. And I am in a lab environment
here with you guys. You have told me, “It’s okay, you can hack me.”
>>JASON, distant: Science, it’s just everywhere.>>And we should talk about,
there is such a thing, white hat hacking,
>>Yes.>>-penetration testing. The only way to know
whether or not your locks are secure is to try to break your own locks.>>Exactly.
>>And this is an important tool.>>And that’s what this is used for,
it’s used for penetration testing by experts that go out and get hired by companies. And it’s also used by me
for educational purposes. That’s why I’m here.>>Okay, so let’s do an experiment, just to see how terrifying this is.>>Okay.
>>Can you pretend to be Starbucks?>>Yes I can. So I can go ahead and turn this on so it accepts clients. Like, I currently have
two clients connected.>>Tell me at least one of
these is this other computer and not me.
>>Yeah. I do have this
computer currently set up. And let me go ahead and log in here. So, I have connected to
Starbucks in the past. My WiFi Pineapple knows that. So if I go ahead and
look through my wireless options up here, I see that I have indeed connected to Starbucks WiFi here. And I am currently connected
to the WiFi Pineapple.>>Okay, so in this case–>>So there’s obviously
not a Starbucks around here.>>Yes, no, definitely, nobody coming here looking for Starbucks.
>>No.>>I love the gravity of that warning. “No one come here looking for Starbucks. [gravely]
You don’t understand!”
[sinister strings]>>So to set it up
really easily right now, I’m going to go ahead
and change my open SSID over here, which is basically changing my WiFi Pineapple into
an open access point that you would normally
find at like a coffee shop. So I’m going to call it…
>>Whatever coffee shop, no particular coffee shop of importance.
>>SHANNON: [feigning naiveté] No! No particular one, specifically. So it’s going to go ahead and restart the wireless radios on the device. And then in a couple of seconds, maybe a couple minutes, you’ll notice that it says Starbucks WiFi.>>[gasps] There it is. There it is! Okay, so now I’m going to,
aw geez, all right. So look, I’m on Starbucks WiFi.
>>Yeah, Totally.>>See, and I’m not even careful. I just look at it and say,
“Starbucks WiFi, great. “Oh, you’re going to hack me?
How many bars do you have. Okay cool.”>>[laughs] Okay so
right now, I’m connected what looks like to Starbucks,
even though there’s no Starbucks. But actually, it’s the WiFi Pineapple, which is just relaying everything through, what, the local WiFi?>>Yeah, basically. So I have
my laptop connected to your open WiFi here, or your
[emphasis] password protected WiFi I should say here. [laughter]
>>That was the most
audible quote-y fingers I have ever heard.>>SHANNON: I’m sorry!
>>Your password protected WiFi.>>I mean, how is it that
I walk into this room and I’m like, “Hey, do you have WiFi here?” And Brian hands me the thing from his ISP.
>>BRIAN: Not anymore!>>Not any more, by the
time anyone sees this we’ll have changed the
passwords to good passwords.>>It’s like, here’s the
default WiFi password.>>No, it will be “good passwords”
will be the actual password.>>Okay so Brian, so this is
a very rudimentary example but are you “Brian seven plus?”>>[ashamed] Okay, yes.
>>Okay.>>This is my–it’s not a
seven plus, it’s a newer phone. [frantic]
Also, I’m not comfortable with sharing all the names of my devices, yes! That used to be me!
I’ve also changed that. [laughter]
>>JASON: Exactly.>>It looks like I am currently connected on one of those WiFi access points that I was pinging out, one
of the ones in my pool.>>Okay.>>And you are connected
to Starbucks WiFi, which was the open AP
that I set up on this one.>>Oh this is wild, so
both of these two devices think that this has a different name?>>Yes, exactly.
>>This one thinks it’s called–>>Starbucks, and yours thinks
it’s Starbucks WiFi.>>This is amazing.>>It is whatever it needs to be.>>Yeah.
>>Okay, here let’s see what you can find out about me as I just surf around as a normal person.>>Okay, well hold on, I
need to actually turn on the attack to be able to do that. So I can do a whole bunch
of different modules on the WiFi Pineapple. And the one that I’m
running is called DWall. And this was made by,
I believe, Sebkinne. So, if I turn this on…>>BRIAN: So DWall does what?
It basically pays attention to all the traffic and… [trails off]>>So DWall is basically
going to make an owned wall of information that is
coming from whatever is connected to the WiFi Pineapple.>>Oh, so it’s just saying,
“Here’s everything we found.”>>Yep, so DWall picks
up any kind of data that is passing through. If it’s unencrypted,
it can pick up cookies from different websites if those are not protected correctly.>>BRIAN: This is bad!
>>It can even pick up websites that you’re visiting.>>Uh okay, all right,
well can you see what website I am visiting right now?>>Okay, so I just
started listening on this. So I’m going to go ahead
and let that run for a bit. And then I’m also going to go ahead and open up some websites on
my computer over here as well. So, in a few minutes, we
should probably start seeing a whole bunch of different
websites on the DWall module.>>JASON: We’re starting to get something.>>SHANNON: Oh yeah.
>>BRIAN: Wait, we’re getting stuff?>>Geotrust.com;
digicert.com; letsencrypt.org. Oh! these are certificates
from one of the websites that probably that you’re currently visiting.>>Oh wow.>>So we’re seeing that
actual certificates from the website. Which means that, it’s probably a very fairly secure website.>>Will it be able to tell us that Brian is actually playing Hearthstone
right now? Because…>>[flustered] I’m not admitting
one way or the other. [laughing] Here, I’m leaving a very important message on my favorite website. I just posted a comment. ♪ ♪ It says it was successfully posted.>>Okay, I didn’t see it,
which probably means that that website is encrypted.>>Agh, it is. It has the “S!”
We talked about this!>>JASON: Ah, yeah.
>>Good, okay.>>It’s got a lock on there.
jasonmurphy.com you beat me!>>[laughing] I spent a lot of time making sure my website was secure.>>I definitely called
you a huge nerd though. [laughter]>>On my post from like July?>>Yeah, all right, here we go. I’m going to go to–
>>SHANNON: Oh! Look at that.>>BRIAN: What, what, what?>>SHANNON: Okay, so I just went to this website
that I know is unencrypted, it’s uh… I don’t know if I should call them out.>>I don’t know if you should
call this one out either. But this was…>>[chirp] .com? [wry laughter] [through laughter]
>>Did you just go to [chirp] .com?>>JASON: Is that real‽>>Yes, it’s–>>Look! I picked up the pictures
from the website, too.>>They’re friends with Frank Muller,
the great audio book reader.>>Oh!
>>From 15 years ago before he had his accident. This was the last time I checked that. It looks like his last update was 2003.>>And it looks like connect.facebook.net. So either your phone
is pinging for Facebook in the background or maybe
there’s a Facebook cookie on this site.>>Oh wild!
>>JASON: Yeah…>>There’s a Word Press
cookie on my computer. So there’s a Word Press
cookie on this website that I’m currently using.
>>Probably that one, yeah.>>Dustbrothers.com?>>Oh my god!
[laughter] Have you seen the Dust Brothers website?
>>What in the world?>>These are the music
producers from Fight Club. Their website is frozen
in time, it’s amazing.>>Oh, that’s incredible.>>It’s like we found a time capsule.
>>This is awesome! I can’t believe you’re
able to see all of this.>>And it’s just scraping…
>>That’s hilarious.>>-pictures and stuff.
>>Oh yeah, it’s scraping images from all these different websites. Now it’s not going to catch all of them depending on what kind of like encryption and security you’re using. But it’s going to catch quite a few, as we’ve noticed.>>Now what other types
of information can you get from– you can get passwords,
sensitive information?>>I can get user names and passwords. I can set up a captive portal, kind of like what you
would have to sign on to whenever you go to a hotel and you have to sign on with your room number. I can track that information and I can make my own captive portal
that looks just like it. And then I can find
out what room you’re in and what your last name is. Because you’d put it in thinking that it was the actual captive portal.>>Okay so at this point, we’re all sufficiently scared, we all undestand you can get all everything. Here’s what I want to know. We’ve said for a long time, that
using a VPN is a good idea.>>Yes.>>I want to know if a
VPN will make me safe. So I’m going to hit quick
connect on this VPN and…>>What is kingofmouths.com?>>JASON: Kingofmouths.com?>>Yeah, it came from your phone.>>I don’t know
what you’re talking about. [laughter] I actually literally don’t know.>>JASON: Justin. [laughter]
>>BRIAN: Oh it is Justin Robert Young! [laughter]>>That’s awesome.>>All right, so right now, it should be connecting to the VPN.>>Okay.
>>I assume, since this is slower, maybe it takes longer to establish
the VPN connection, or? I guess, maybe…>>That’s true.>>Maybe I already have to have
the VPN turned on before…>>What’s happening here
is your phone is talking to the WiFi Pineapple, thinking that
that’s the access point. My WiFi Pineapple is
connected to the Internet over my computer. My computer is connected
to the actual access point.>>So here’s what I’m going to do. I’m going to disable WiFi for the moment and just get the VPN going. Now the VPN is going over the LTE.
>>Okay.>>Now I’m going to switch back to having WiFi on. And I’m going to select
[murmured] Starbucks WiFi. So this is me knowing that I’m going into a scary neighborhood.
>>Okay.>>And it says I’m connected.>>It says you’re connected.>>I think it merits
mentioning that the way you utilize the Pineapple
can in some instances be terribly illegal.>>Oh, of course, just like you know, you shouldn’t murder somebody
with a kitchen knife.>>I mean…
[laughter]>>Hey! So, what website am I on?
Do you know?>>SHANNON: I don’t know, I don’t see it.
>>BRIAN: Yes!>>SHANNON: It looks like your VPN is working.>>How about, now!>>SHANNON: Nope.
>>BRIAN: Really‽>>Just, Dust Brothers and King of Mouths. [barely audible] That’s all I see.
>>BRIAN: Oh my gosh! [laughter]>>It’s working.>>You all missed out on the fact that I’m on the Space Jam site.>>SHANNON: Oh, dope! Oh that’s amazing.
>>Wait, like the actual… working site? For the movie Space Jam?
>>Yeah!>>Yep, that’s still alive right now, and looks like it definitely
teleported from the past. So you’re not seeing anything
I’m looking for right now?>>SHANNON: No, I don’t see any of it.>>And what are the best
practices that we could use to protect ourselves
from something like this just as individuals?>>Apparently a VPN.>>Yeah, dude.
This is my only take-away, is, “A-ha! I feel safe.”>>One of the most important parts is just don’t connect to open WiFi. Because if you’re not
connecting to open WiFi, this isn’t going to catch you. Now if I know the password
to a password protected wireless access point, then I could you know,
track what you’re doing. But, that makes it a lot more complicated.
>>This is going to be advanced stuff that we do when you come back in the future. But in the meantime,
where can people see so much more of your amazing stuff?>>Well you can follow me on Twitter. I’m at SNUBS, S-N-U-B-S or you can check out Hak5. H-A-K-5.ORG.>>Right on.
>>Yeah.>>I’m going to go burn
everything that plugs in, [laughter]
that has a battery, that charges.>>No, no. We talked about this,
we talked about this.>>JASON: I’ve been training some–
>>We talked about this, I swear,>>JASON: -pigeons!
>>Go to your calm place, it’s fine. It’s fine, it’s fine.
The wires don’t have it out for you.>>[exhale] Okay.
One, two,>>BRIAN: [fading away]
Superman III was only a movie.
>>♪ three, four, five. ♪ [all other sound blurs and distorts]
[to the tune of Mambo No. 5]
♪ Everybody get in the car
so come on let’s ride, ♪ ♪ to the liquor store corner ♪ ♪ said she wants some gin and juice,
but I really don’t want to. ♪ — CC BY REV
MODIFIED BY BIZARRE MAGIC — [notably quieter]
>>Ah man. Oh wait, the Donnie Darko
site finally went down. What else is there? [laughing]>>Spent a lot of
time–the Blair Witch site.>>Oh yeah!
[whispering to himself] Blairwitch.com?>>I spent a lot of time
on the Blair Witch site.>>Who didn’t?
>>It was ’99 and I was like,
“It can’t be real, right‽”>>I don’t see it!>>I hadn’t seen the movie, yet.