Hacker stuff: How Pineapple can steal my data?

One thing is to read about security vulnerabilities, passwords and concepts. Another thing is to know how it actually happens and how much does it cost. These series of posts will cover impressive hacker's stuff that may be used for good and evil deeds. 

Today's device is a Wi-Fi Pineapple. In fact, it is a powerful router with endless low-level configuration ability that helps to intercept and sniff traffic.

Assume you have a phone that you ever connected to a Wi-Fi network without the password. In Moscow, it could be MosFree in the underground, in Sydney - AirportFree. All phones continuously send names of networks they connected before to speed up connection and find known networks faster. Pineapple can hear that requests and instantly change his name to a network that your phone knew before. That tricks your phone, and it connects to a pineapple that can see all your traffic. 

Why I mentioned "the network without a password"? Because if a network had a password, Pineapple would not know that password. Your phone will send a password-protect connection request that will not be correctly processed by the Pineapple, and your phone would not be tricked.

The device cost is not thousands of dollars, but only 100-200 USD. It has a friendly user interface and allows to use it without some incredible technical knowledge.

You cannot do anything with your phone sending network names everywhere. What you can do is to avoid where possible usage of password-free Wi-Fi networks and use only encrypted traffic (e.g. https) for critical communication. 

Follow me here, on Twitter, Telegram and abocharnikov.com.