Slashdot Mirror
A $5 Tool Called PoisonTap Can Hack Your Locked Computer In One Minute (vice.com)
An anonymous reader quotes a report from Motherboard: A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks. Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there's a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday. And all a hacker has to do is plug it in and wait. PoisonTap is built on a Raspberry Pi Zero microcomputer. Once it's plugged into a USB port, it emulates a network device and attacks all outbound connections by pretending to be the whole internet, tricking the computer to send all traffic to it. Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar. Security experts that reviewed Kamkar's research for Motherboard agreed that this is a novel attack, and a good way to expose the excessive trust that Mac and Windows computers have in network devices. That's the key of PoisonTap's attacks -- once what looks like a network device is plugged into a laptop, the computer automatically talks to it and exchanges data with it.
Physical access, browser running, and it only work if you use cookies on sites that don't require SSL.
At that point it s probably best to invest that $5 in a box-cutter and force the user to give your their password.
lucm, indeed.
The biggest flaw is that the OS doesn't ask if the user wants to install the device, but this exploit has been known for years. Just look up "BadUSB exploit".
what's puzzling is that why it doesn't just get full access as YOU COULD JUST REDIRECT THE STUFF TO SOMETHING THAT CAUSES WINDOWS TO SEND THE MS ACCOUNT PASSWORD AND USERNAME IN PLAIN TEXT.. and while at that create a tunnel that stays once it gets plugged to real internet.
how is plugging a computer into a network an offline attack?
requiring physical access is less novel, especially when there are a number of attacks described where if you can place something like that, you could just get the keyboard codes by audio, em and a number of other ways - or heck, do this attack over recording the led at the router.
also it requires you to be logged into the sites already, the sites to not be https.. sorry about the yelling but this seems like a dolt just taking an existing concept, putting it on a raspberry pi and claiming fame based on that.
world was created 5 seconds before this post as it is.
if you're using your computer and you didn't notice the paperback-sized device plugged into one of your USB ports, you may have other problems.
Corporate users hardly notice anything odd plugged into their systems. I could set a bowling ball under their desk and they probably wouldn't ask about it for a month, because that's not their job. They're far too busy doing the other three jobs they maintain now.
For those of us managing the average user community, the problem is far more systemic than you dismiss here. Behavior modification is one of the hardest jobs in Security.
It's basically a MITM attack. There's no difference between this and using a malicious network router. In fact, that's exactly what this is. The only difference is that you're connecting directly to the computer and pretending to be a network adapter rather that it being something upstream.
If a malicious actor has physical access to your PC, then this is the *least* of your worries. There are all sorts of things that could be done.