Hack A Locked Or Password Protected Computer With A $5 'Poison Tap'
Samy Kamkar, a developer, has created a $5 (£4) device that can hack into a locked or password-protected computer.
The tool, called Poison Tap, can break into a password-protected computer if the user leaves a web browser running in the background. It exploits the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors.
The attacker can then remotely use the victim's web accounts undetected.
Kamkar, who has made a YouTube video showing what happens when the device breaks into a computer, built it on a Raspberry Pi microcomputer.
Poison Tap is said to have the following capabilities:
- emulates an Ethernet device over USB (or Thunderbolt)
- hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
- siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
- exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding
- installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user’s cookies via cache poisoning
- allows the attacker to remotely force the user to make HTTP requests and proxy back responses (GETs & POSTs) with the user’s cookies on any backdoored domain
- does not require the machine to be unlocked
- backdoors and remote access persist even after the device is removed and the attacker sashays away
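A host-side check for the traffic hijack in the list above, as an added example that is not from Kamkar or the original article. It assumes the hijack shows up as very broad non-default routes on the new interface; the function names, the `allow_devs` parameter and the sample routing table are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (not from a real host).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 dev usb0 scope link metric 1000
128.0.0.0/1 dev usb0 scope link metric 1000
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
10.8.0.0/16 via 10.8.0.1 dev tun0
"""


def parse_routes(text):
    """Return (network, device) pairs from `ip -4 route show` style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line or a route with no output device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route type keyword such as "unreachable"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def shadowing_devices(text, allow_devs=(), min_fraction=0.5):
    """Map device -> share of IPv4 space its non-default routes cover.

    Longest-prefix match means such routes beat the default route whatever
    the interface metric. VPN clients install them too, so pass expected
    tunnel devices in allow_devs (hypothetical parameter).
    """
    per_dev = {}
    for net, dev in parse_routes(text):
        if net.prefixlen > 0 and dev not in allow_devs:
            per_dev.setdefault(dev, []).append(net)
    findings = {}
    for dev, nets in per_dev.items():
        merged = ipaddress.collapse_addresses(nets)  # avoid double counting
        fraction = sum(n.num_addresses for n in merged) / 2**32
        if fraction >= min_fraction:
            findings[dev] = fraction
    return findings


if __name__ == "__main__":
    for dev, share in shadowing_devices(SAMPLE_ROUTES).items():
        print(f"{dev}: non-default routes cover {share:.0%} of IPv4")
```

A finding on a newly appeared USB or Thunderbolt network interface, especially one that arrived while the screen was locked, is the case worth investigating.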
Live demonstration and more details available in the video: