
Risks of just connecting to pineapple


Johnnie

Hi,

Normally I never use open networks and this gave me some (false?) sense of security against hotspot honeypots. But as I'm playing around with the WiFi Pineapple these days and connecting my phone to my own honeypot, it made me think: say I forgot to clear those networks and went outside and my phone connected to another honeypot. What would be the implications of this? I'm not going to use the network obviously, but can the attacker run some sort of attack even in this case?

Just trying to understand all aspects of risks involved with this tool.

Thanks.


That sounds scary. I use an Android and then it is entirely possible to get hacked even without using the network.

I recently stuck an NFC tag on my door. Whenever I'm going out I'm touching my machine which launches a program to disable WiFi completely. I figured I don't need WiFi running when I'm out anyway. Not the ultimate solution obviously, but hope it helps a little.

Thanks for the info.


If your phone connects to the rogue network, the hacker can scan your phone, sniff traffic, etc. There is a way to even jailbreak iPhones secretly when connected to a rogue AP and install hidden apps. On Android you just spoof an update, then PWNED!

-Tp

Would you elaborate on the secret iPhone jailbreaking attack? I didn't think that was possible.

-Foxtrot


I think it's going to be released at Blackhat this year.

-Tp

Hmm, cool... Because jailbreaking has always required USB access to perform a bootrom exploit, like limera1n on PC, or a userland exploit like JailbreakMe, and the last userland exploit found was in 4.3.3 I think... But that's a different thread lol :p

-Foxtrot


If you connect to a honeypotted AP it depends on what traffic you do over it. If you don't pay attention and log in to Facebook/Gmail/etc. that's had SSL stripped or ignore any SSL warnings, you're boned.

There are also apps that use SSL but don't verify SSL certificates. If you use one of these apps and there's someone evil in between you, you can still get boned.


If you connect to a honeypotted AP it depends on what traffic you do over it. If you don't pay attention and log in to Facebook/Gmail/etc. that's had SSL stripped or ignore any SSL warnings, you're boned.

There are also apps that use SSL but don't verify SSL certificates. If you use one of these apps and there's someone evil in between you, you can still get boned.

Sure, but my scenario was not using the network deliberately. I'm already familiar with the risks of that. But I can't control what and how every app is sending automatically in the background, so that may be a vulnerability I guess.


If you connect to a honeypotted AP it depends on what traffic you do over it. If you don't pay attention and log in to Facebook/Gmail/etc. that's had SSL stripped or ignore any SSL warnings, you're boned.

There are also apps that use SSL but don't verify SSL certificates. If you use one of these apps and there's someone evil in between you, you can still get boned.

Can you verify sslstrip works on some apps? I've not had any luck with it. Moxie has an awesome write-up on his site about how the prevalence of apps is a huge boon for SSL-related security due to the fact the apps don't have to conform to browsers. Any info would be appreciated, kyhwana!

telot
