Whether you own a Mac personally or manage a fleet with enterprise endpoint software like Mosyle, there’s a good chance you have scores of old unsecured wireless networks saved—Wi-Fi points that don’t require authentication. Common places where users connect and save these networks could be Starbucks (often “Starbucks WiFi”) and airports (like “Airport Guest”).
So, the risk? Attackers can exploit this by setting up rogue access points with the same SSIDs, tricking your device into connecting automatically. To prevent spoofing attacks like this, you can automate the removal of common SSIDs using the following script below!
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
One of the most infamous tools used for such attacks is the Wi-Fi Pineapple, commonly employed by penetration testers and malicious actors for man-in-the-middle (MitM) attacks. This device can be set up as a rogue access point to broadcast fake networks with commonly used SSIDs to trick computers into connecting automatically, believing they are joining a trusted network. I reckon most users would see they have a working connection and not investigate further. Meanwhile, every bit of data traveling between the victim’s machine and the Internet is silently being intercepted by the Pineapple, thus the attacker.
Like other computers, Macs are also prone to auto-connecting to familiar unsecured networks rather than prioritizing secured ones. While this type of attack isn’t super common, it’s a real risk worth being aware of. To prevent SSID spoofing, you can automate removing common unsecured networks from your Mac using the following script.
I’ll break it down in steps for those unfamiliar with shell scripts.
Step 1: Open Terminal
Open Terminal or you’re preferred emulator.
Step 2: Create the script file
Next, we will create a new script file with your preferred editor. I like Nano (:
nano remove_public_wifi.sh
Step 3: The script
Copy and paste my script into the new remove_public_wifi.sh file. You can change and add as many SSIDs as you like in the list below.
#!/bin/bash
#############
# By Arin Waichulis
# Created 09/08/2024
# Last tested on 03/14/2025 with macOS Sequoia 15.4
#############
for interface in $(networksetup -listnetworkserviceorder | grep Hardware | awk '/Wi-Fi/ { print $NF }' | awk -F ")" '{ print $1 }')
do
echo "Now removing saved Wi-Fi networks from $interface"
networksetup -removepreferredwirelessnetwork $interface "Starbucks WiFi"
networksetup -removepreferredwirelessnetwork $interface "Starbucks"
networksetup -removepreferredwirelessnetwork $interface "Panera"
networksetup -removepreferredwirelessnetwork $interface "CVG Free"
networksetup -removepreferredwirelessnetwork $interface "FreeWiFi"
networksetup -removepreferredwirelessnetwork $interface "SFO WiFi"
networksetup -removepreferredwirelessnetwork $interface "Public Free"
networksetup -removepreferredwirelessnetwork $interface "Airport-WiFi"
networksetup -removepreferredwirelessnetwork $interface "DaysInn_Guest"
networksetup -removepreferredwirelessnetwork $interface "Free-Network"
done
exit 0
Step 4: Save and exit
Save the file in Nano by hitting Ctrl + O and press enter to confirm the name.
Exit the file by hitting Ctrl + X
Step 5: Make the file executable
Lastly, we need to give the file executable permissions before we can run it. Otherwise, it won’t get far. We can do this with the following:
chmod +x remove_public_wifi.shStep 6: Run! Run! Run!
We can run the script by entering the following and then authenticating as sudo.
sudo ./remove_public_wifi.shMore: How to verify as sudo using Touch ID instead of typing out your password
This will stop your Mac from auto-connecting to any network we listed, including secured ones. Of course, you can also do this manually by going to Settings -> Wi-Fi -> Advanced and clicking to remove each manually; however, you’ll find the above method more streamlined if you travel for work and enterprise-friendly.
Please leave any questions or comments below (:
FTC: We use income earning auto affiliate links. More.
