PoisonTap – Installs Web Backdoor On Locked Computers
If you still don't think that security hackers are getting better, then just take a look at what this guy does with $5.
PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable & microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle.
Samy Kamkar, a security researcher, used some very simple yet ingenious programming to bypass dozens of security features and break into locked computers. This simple device, which connects to any computer with a standard USB port, can effectively render that security useless.
Once the device is attached to a locked computer it begins the process of taking over. It does this through a series of direct attacks on the machine's Internet traffic. Acting as an Ethernet device, it installs a web backdoor while exposing your internal routers to remote access.
PoisonTap produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors.
This device can easily bypass most standard methods of computer security, including:
- password-protected lock screens
- two-factor authentication
- secure cookie authentication
The good news is that there is protection against this type of device:
Server-Side Security
- Use HTTPS exclusively, at the very least for authentication and authenticated content
- Ensure the Secure flag is set on cookies, so that cookies issued over HTTPS are never sent over plain HTTP
- When loading remote JavaScript resources, use the Subresource Integrity (integrity) attribute on the script tag
- Use HSTS to prevent HTTPS downgrade attacks
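As an added example (not from the article and not PoisonTap's own code), the following Python script checks a server response against the four server-side items above. It parses two constructed responses, a weak one and its hardened counterpart, and reports cookies without the Secure attribute, a missing or short HSTS max-age, and remote scripts that either lack a Subresource Integrity attribute or are loaded over plain HTTP. The host cdn.example.test, the cookie value and the sha384-PLACEHOLDER digest are made up for the demonstration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample responses (not captured from any real server).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
    '<html><script src="http://cdn.example.test/app.js"></script></html>'
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    '<html><script src="https://cdn.example.test/app.js" '
    'integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script></html>'
)

ONE_YEAR = 31536000  # seconds; a common minimum for HSTS max-age


def parse_response(raw: str) -> Tuple[Dict[str, List[str]], str]:
    """Split a raw HTTP/1.1 response into (headers, body).

    Header names are lower-cased; repeated headers such as Set-Cookie are
    kept as a list so every cookie can be inspected."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def audit_response(raw: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    headers, body = parse_response(raw)
    findings: List[str] = []

    # 1. Cookies: without Secure, the browser also sends the cookie over
    #    plain HTTP, where a hostile network device can read it.
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks the Secure attribute")

    # 2. HSTS: must be present with a max-age of at least one year, so the
    #    browser refuses to downgrade the origin to HTTP.
    hsts = headers.get("strict-transport-security", [])
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age shorter than one year")

    # 3. Remote scripts: each needs an integrity attribute (SRI) and must be
    #    fetched over HTTPS, otherwise an on-path device can substitute it.
    for tag in re.findall(r"<script\b[^>]*>", body, re.I):
        src = re.search(r"""src\s*=\s*["']([^"']+)""", tag, re.I)
        if not src or not src.group(1).startswith(("http://", "https://", "//")):
            continue  # same-origin or inline script; SRI not applicable here
        url = src.group(1)
        if not re.search(r"\bintegrity\s*=", tag, re.I):
            findings.append(f"remote script {url} has no integrity attribute")
        if url.startswith("http://"):
            findings.append(f"remote script {url} loaded over plain HTTP")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        result = audit_response(resp)
        print(f"{label}: {len(result)} finding(s)")
        for f in result:
            print("  -", f)
```

Run as a script it lists four findings for the weak response and none for the hardened one; `audit_response` can also be pointed at any raw response you have captured from your own server.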
Desktop Security
- Disconnect all USB ports internally if they are not being used
- Closing your browser every time you walk away from your machine can work, but is entirely impractical
- Disabling USB/Thunderbolt ports is also effective, though also impractical
- Using an encrypted sleep mode where a key is required to decrypt memory (e.g., FileVault2 + deep sleep)
You can check out more about PoisonTap in "This is PoisonTap, Kamkar tool can hack locked PCs".