Slashdot Mirror


A $5 Tool Called PoisonTap Can Hack Your Locked Computer In One Minute (vice.com)

An anonymous reader quotes a report from Motherboard: A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks. Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there's a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday. And all a hacker has to do is plug it in and wait. PoisonTap is built on a Raspberry Pi Zero microcomputer. Once it's plugged into a USB port, it emulates a network device and attacks all outbound connections by pretending to be the whole internet, tricking the computer to send all traffic to it. Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar. Security experts that reviewed Kamkar's research for Motherboard agreed that this is a novel attack, and a good way to expose the excessive trust that Mac and Windows computers have in network devices. That's the key of PoisonTap's attacks -- once what looks like a network device is plugged into a laptop, the computer automatically talks to it and exchanges data with it.

7 of 172 comments

  1. Obligatory xkcd by slazzy · Score: 4, Funny
    --
    Website Just Down For Me? Find out
  2. Joke's on you by aonic · Score: 5, Funny

    My Macbook doesn't have any USB ports!

  3. The latest Macs need dongles by Neo-Rio-101 · Score: 3, Funny

    The latest Macs don't even have many ports of which to speak. Did the attacker bring a dongle with them?

    --
    READY.
    PRINT ""+-0
  4. Obligatory xkcd by cfalcon · Score: 5, Funny
  5. Re:News at 11 by Anonymous Coward · Score: 1, Funny

    > Major OS

    > It won't work on any computer but Microsoft Windows computer.

    That's what he said.

  6. Re:News at 11 by lucm · Score: 5, Funny

    > If a malicious actor has physical access to your PC, then this is the *least* of your worries.

    True. I don't even want to think about what Russell Crowe would do if he had physical access to my computer.

    --
    lucm, indeed.
  7. Re:News at 11 by Agripa · Score: 3, Funny

    > The real test will be to see which OSes get patched first.

    > The problem is HOW do you patch it.

    It is easy. Do what Apple does and remove the ports while requiring users to buy new systems.