Hack A Locked Or Password Protected Computer With A $5 'Poison Tap'

Samy Kamkar a developer has created a $5 (£4) device that can hack into a locked or password protected computer.

The tool called Poison Tap can break into a password-protected computer if the user leaves an internet browser application running in the background by producing a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors.

The attacker can then remotely use the victim's web accounts undetected.

Samy Kamkar, who has made a YouTube video showing what happens when it breaks into a computer, created the device on a Raspberry Pi microcomputer.

Poison Tap is Said to be able to :

emulates an Ethernet device over USB (or Thunderbolt)
hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding.
installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning
allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
does not require the machine to be unlocked
backdoors and remote access persist even after device is removed and attacker sashays away