• Sat. Jan 23rd, 2021

$5 Electronics Used To Break Into and Hack Locked Computers

poisentap hacks computers for $5

PoisonTap – Installs Web Backdoor On Locked Computers

If you still don’t think that security hackers are getting better, then just take a look at what this guys does with $5.

PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable & microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle.

Samy Kamkar, a security researcher used some very simple, yet ingenious programming to bypass dozens of security features to hack into locked computers. This simple device which connects to any computer with a standard USB port can effectively render security useless.

Once this device is attached to a locked computer it begins the process of taking over. It does this through a series of direct attacks that affect the Internet traffic of the machine. Acting like ethernet device it installs a web backdoor while exposing your internal routers to remote access.

PoisonTap produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors.

This device can easily bypass most standard methods of computer security, including:

  • password protected lock screens
  • 2 Factor Authentication
  • secure cookie authentication

 

The good news is that there is protection against this type of device:

Server-Side Security

  • Use HTTPS exclusively, at the very least for authentication and authenticated content
  • Ensure Secure flag is enabled on cookies, preventing HTTPS cookies from leaking over HTTP
  • When loading remote Javascript resources, use the Subresource Integrity script tag attribute
  • Use HSTS to prevent HTTPS downgrade attacks

Desktop Security

  • Di connect all USB ports Internally if not being used.
  • Closing your browser every time you walk away from your machine can work, but is entirely impractical
  • Disabling USB/Thunderbolt ports is also effective, though also impractical
  • Using an encrypted sleep mode where a key is required to decrypt memory (e.g., FileVault2 + deep sleep)

 

You can check out more about PoisonTap below:

This is PoisonTap, Kamkar tool can hack locked PCs

PoisonTap

 

 

Derek Wood

Derek is a Online Web Professional. He works with clients and customers in order to implement Web-Based solutions for businesses. These include websites, SEO, marketing, and company branding. His own company, Shadow Dragon Unlimited has been providing these services to local businesses in his Western Massachusetts area and online since 2003.

Leave a Reply

Your email address will not be published. Required fields are marked *