This $5 Device Can Take Over a Computer—Even If It’s Locked #piday #raspberrypi @Raspberry_Pi
PoisonTap from Samy Kamkar has set the internet abuzz with it’s hacking abilities. If you want to learn more about turning your Pi Zero into a USB Gadget, check out our learn guide here. From Gizmodo.
Samy Kamkar just released his latest hacking cre ation, and it is terrifying. Dubbed “Poison Tap,” Kamkar’s new home brew device allows someone to plant a backdoor on a computer in just one minute, even when the device is locked.
Kamkar’s method for installing the backdoor is unconventional and totally ingenious. Poison Tap targets the victim’s browser cache and injects the malicious code there. Traditionally, attacks would attempt to install malware onto the computer, but by instead going after the browser cache, Poison Tap can bypass some security measures and anti-virus software.
Poison Tap’s software runs off of a a microSD card inserted into a $5 Raspberry Pi. Once it is plugged in, Poison Tap acts as if it was Ethernet to USB device and its setting make it so that the computer begins to send network traffic to Poision Tap, hijacking all network traffic. From there, it “siphons and stores” cookies and session from the web browser of just about every website. Then Poison Tap gains access to the computer’s internal router, and it’s game over. An attacker can now remotely send code to the victim’s computer via the web. Once Poison Tap is unplugged, the backdoor stays on the computer, allowing an attacker essentially unmitigated access to the victim’s computer.
7 thoughts on “This $5 Device Can Take Over a Computer—Even If It’s Locked #piday #raspberrypi @Raspberry_Pi”
The world is doomed (:
Apple is on the right track, it seems. Eliminate all the ports!
Alan Dayley except the USB ports that are vulnerable.
This is why it is rapidly becoming a security standard to implement USB storage controls on company owned user hardware.
Do like some places and fill the USB ports with rosin. Or for even better security, just cut the power cords.
Alan Dayley it works for thunderbolt too.
Lars Fosdal Yes, I know. My comment was an attempt at a joke that text cannot communicate.
Physical access to the computer has always been an unprotect-able security hole. If the attacker can physically touch your computer, they can get in. The possible attacks just get smarter, more capable and more subtle.
You must log in to post a comment.