Whether you’re a personal Mac user or overseeing a network of devices with enterprise endpoint management tools like Mosyle, it’s likely you have numerous old unsecured Wi-Fi networks stored—networks that don’t require any authentication. Common locations where these connections are saved include places like Starbucks (“Starbucks WiFi”) and airports (“Airport Guest”).
The potential danger? Cyber attackers can take advantage of this by creating rogue access points that mimic these SSIDs, tricking your device into automatically connecting. To mitigate against such spoofing attacks, you can automate the removal of these common SSIDs using the following script!
The DMN Security Bite is brought to you by Mosyle, the only Apple Unified Platform. Our mission is to ensure that Apple devices are work-ready and secure. We provide an integrated approach to management and security that combines advanced Apple-specific solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and dedicated Privilege Management, backed by the most robust Apple MDM on the market. Join over 45,000 organizations in trusting us to effortlessly prepare millions of Apple devices at a cost-effective price.Request your EXTENDED TRIAL today and discover why Mosyle is your go-to solution for Apple management.
One notorious tool for such attacks is the Wi-Fi Pineapple, frequently used by penetration testers and malicious individuals for man-in-the-middle (MitM) operations. This device can set itself up as a rogue access point that broadcasts counterfeit networks using well-known SSIDs, luring devices into connecting under the impression that they are joining a safe network. Most users may notice they are connected and not delve any deeper. In the meantime, all data exchanged between the victim’s device and the internet is covertly intercepted by the Pineapple, allowing the attacker to harvest information.
Like other computers, Macs can also automatically connect to familiar unsecured networks rather than prioritizing secure options. While such attacks aren’t extremely prevalent, they pose a genuine risk that should not be overlooked. To thwart SSID spoofing, you can use the following script to automatically delete common unsecured networks from your Mac.
I’ll outline the steps for those who may not be familiar with shell scripts.
Step 1: Access Terminal
Launch Terminal or your preferred terminal emulator.
Step 2: Create the script file
Next, let’s create a new script file using your favorite text editor. I prefer Nano (:
nano remove_public_wifi.sh
Step 3: Input the script
Paste my script into the new remove_public_wifi.sh file. Feel free to modify or add additional SSIDs to the list below.
#!/bin/bash
#############
# By Arin Waichulis
# Created 09/08/2024
# Last tested on 03/14/2025 with macOS Sequoia 15.4
#############
for interface in $(networksetup -listnetworkserviceorder | grep Hardware | awk '/Wi-Fi/ { print $NF }' | awk -F ")" '{ print $1 }')
do
echo "Now removing saved Wi-Fi networks from $interface"
networksetup -removepreferredwirelessnetwork $interface "Starbucks WiFi"
networksetup -removepreferredwirelessnetwork $interface "Starbucks"
networksetup -removepreferredwirelessnetwork $interface "Panera"
networksetup -removepreferredwirelessnetwork $interface "CVG Free"
networksetup -removepreferredwirelessnetwork $interface "FreeWiFi"
networksetup -removepreferredwirelessnetwork $interface "SFO WiFi"
networksetup -removepreferredwirelessnetwork $interface "Public Free"
networksetup -removepreferredwirelessnetwork $interface "Airport-WiFi"
networksetup -removepreferredwirelessnetwork $interface "DaysInn_Guest"
networksetup -removepreferredwirelessnetwork $interface "Free-Network"
done
exit 0
Step 4: Save and exit
To save the file in Nano, use Ctrl + O and hit Enter to confirm.
Leave the file by pressing Ctrl + X.
Step 5: Make the file executable
Lastly, we must grant the file executable permissions before running it. To do this, enter:
chmod +x remove_public_wifi.shStep 6: Execute the script!
Run the script by typing the following and authenticating with sudo.
sudo ./remove_public_wifi.shMore: How to verify as sudo using Touch ID instead of entering your password
This action will prevent your Mac from connecting automatically to any of the networks listed, including secured ones. Alternatively, you can manually remove these networks by navigating to Settings -> Wi-Fi -> Advanced and deleting each one individually; however, the script method is far more efficient for those who travel frequently for work and is ideal for enterprise use.
Feel free to leave any questions or comments below (:
