That's for unencrypted credentials captured going across the wire by the ops team. That's to highlight insecure comms not hack people.
There was an instance where someone used a wifi pineapple 0day to brick pineapples, which are considered script kiddie tools in many circles.
Generally nobody will waste a valuable 0day at defcon to attack a personal device. If you get popped it's probably because you're running known vulnerable software.
