Defending against WiFi Pineapple on OS X

[zxi]

Hi,

I haven't see any solutions as to how to defend against the wifi pineapple, so I made a quick script to do so on os x. It uses a whitelist of networks that you trust (non-open networks) and will check os x preferred networks periodically (you must set a cron job to do so) and remove any non whitelisted entries.

#!/bin/bash
# prevent automatic ssid association to hotspot honeypots (wifi pineapple) by removing non whitelisted ssids from os x preferred networks (run as cron job)

whitelist=('ssidname1' 'ssidname2')

if [ ${#whitelist[@]} -eq 0 ]; then
	echo "you must define ssid names in the whitelist."
	exit 1
fi

IFS=$'\n';
num=0
wifi=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`
ssids=( $(networksetup -listpreferredwirelessnetworks $wifi | sed -n '1!p' | sed 's/	//g') )

echo "-> starting wifi pineapple defense"
echo "-> checking for new preferred networks on $wifi.."
for i in "${ssids[@]}"; do
	if [[ "${whitelist[*]}" =~ $i ]]; then
		:
	else
		networksetup -removepreferredwirelessnetwork $wifi $i
		let num=num+1
	fi
done
echo "-> finished, removed ($num) entries"

[digininja]

A good script. The problem comes when you are connecting to open networks so have to disable it, there is then a window of opportunity for an attacker to go in as an evil twin.

Does the listpreferredwirelessnetworks command return the type of network? If so then you could also automatically remove any open networks you'd accidentaly trusted, just make sure you give a warning if you do.