Slashdot Mirror
A $5 Tool Called PoisonTap Can Hack Your Locked Computer In One Minute (vice.com)
An anonymous reader quotes a report from Motherboard: A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks. Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there's a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday. And all a hacker has to do is plug it in and wait. PoisonTap is built on a Raspberry Pi Zero microcomputer. Once it's plugged into a USB port, it emulates a network device and attacks all outbound connections by pretending to be the whole internet, tricking the computer to send all traffic to it. Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar. Security experts that reviewed Kamkar's research for Motherboard agreed that this is a novel attack, and a good way to expose the excessive trust that Mac and Windows computers have in network devices. That's the key of PoisonTap's attacks -- once what looks like a network device is plugged into a laptop, the computer automatically talks to it and exchanges data with it.
Physical access to equipment trumps (Trumps, heheheh!) almost all security. News at 11.
"Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar."
While I do think the fact that this works at all is problematic... if you're doing anything non-trivial on any website which doesn't employ https, that information has likely been available to anyone who really wanted it already.
#DeleteChrome
Yet another interesting use of a Raspberry Pi Zero. Give people a $5 computer and they just have to come up with something to use it for.
https://xkcd.com/538/
Website Just Down For Me? Find out
If you have physical access and the computer is on, you can already read the contents of RAM with some specialized hardware. That gives you access to pretty much everything.
Sure, you can do anything with physical access if you have some time on your hands.
Sure, you can be persistent if you can leave something behind, like a modified keyboard.
Sure, you can be persistent if you can install something, but that USUALLY requires either the ability to use the mouse or keyboard on an unlocked machine or tricking the user to do so for you.
The novelty here is that it's a "plug it in, wait a few minutes, unplug it, and walk away" compromise, AND it doesn't make any permanent hardware changes such as blowing up your PC by sending a few hundred volts down the USB ports.
It's also novel in that it exposes a design flaw that should've been noticed and widely discussed decades ago.
By the way, am I the only one that remembers Thick Ethernet, aka 10BASE5, and its "vampire taps"?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
My Macbook doesn't have any USB ports!
what's puzzling is that why it doesn't just get full access as YOU COULD JUST REDIRECT THE STUFF TO SOMETHING THAT CAUSES WINDOWS TO SEND THE MS ACCOUNT PASSWORD AND USERNAME IN PLAIN TEXT.. and while at that create a tunnel that stays once it gets plugged to real internet.
how is plugging a computer into a network an offline attack?
requiring physical access is less novel, especially when there are a number of attacks described where if you can place something like that, you could just get the keyboard codes by audio, em and a number of other ways - or heck, do this attack over recording the led at the router.
also it requires you to be logged into the sites already, the sites to not be https.. sorry about the yelling but this seems like a dolt just taking an existing concept, putting it on a raspberry pi and claiming fame based on that.
world was created 5 seconds before this post as it is.
well gosh golly gumpers, I can also plug an evil thing into the ethernet jack, and then plug that evil thing into the wired network, and do all manner of bad also. Hell I can substitute an evil hub for a good one and do even more bad. where will it end?
*snooze*
I have no ethernet jack - I have a Mac, you insensitive clod.
Make sure everyone's vote counts: Verified Voting
The latest Macs don't even have many ports of which to speak. Did the attacker bring a dongle with them?
READY.
PRINT ""+-0
https://xkcd.com/386/
And that guy's leg.
Learn to love Alaska
Even better flamebait :
'This text can hack your computer'
just by reading this text, your computer has been hacked!!
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Tag.
We discussed this previously. Too lazy to find the conversation, but then, so are the Slashdot "editors". This is actually a non-problem in a Windows corporate environment because if you have not already prevented users from installing hardware via group policy, you have already failed as a Windows admin.
It's not terribly difficult to prevent hardware hotplugging on Linux.
Couldn't tell you about Mac, don't care.
Wank wank, flonk flonk.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So that means it's pretty ineffective. everything that is important to me is HTTPS, even my routers config pages.
I have yet to see any important site not force HTTPS. Will this see that I log into "fluffybunnypodcast.com" with the username bunnyman42 and the password 12345? yep. but I fully expect that the chinese hackers already have this as I really dont care if they get free copies of the latest free fluffybunny broadcast.
Do not look at laser with remaining good eye.
....and, good luck reading my fully encrypted hard drive when you get it home. For that, you might need the $5 billion NSA complex. Or (as noted above) a $5 wrench and physical access to my person.
Which would work, very quickly actually. I don't keep anything on a computer drive, encrypted or not, that I wouldn't want my mother to read. Or the Feeb. Or Soviet Russia, where your disk reads you! Because seriously, if somebody REALLY REALLY wants to get into your disk, and you're not dead, they probably can. With 4096 bit encryption and a nice long pseudorandom key, maybe not. But only MAYBE, and over time, it is even probable that they will eventually be able to do so. I remember a time when 6 digit passwords were relatively safe. Then 7. At this point 8 in lower case ASCII is easily searchable by the NSA or anyone with teraflop resources, and teraflop resources aren't even that expensive, petaflops are out there. If one assumes 64 characters, it is still only order of 10^15 permutations, so a petaflop cluster could do it in minutes, a teraflop cluster in days, and that's if one chooses a GOOD password that is essentially random. At this point, I'm not sure that a 12 character password is secure against NSA-level exhaustive attacks, although with 10^22 possibilities it would start to take a while even with a petaflop -- say a couple or three years. Again, unless you use a truly random 12 character string, they can probably cut this down to months just by searching on the most probable strings first.
But if I were alive, and (say) my hard drive had the coordinates of a nuclear bomb planted somewhere in Manhattan, I'm guessing that they'd opt for the drugs and the wrench and a bit of electricity applied to the testicles to see if they couldn't get the key in minutes instead of weeks or months. Cheaper, faster, and who takes the Constitution seriously any more anyway?
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
just a run of the mill man in the middle attack? How is that novel? And, where's the part where they break into the actual computer?
Why not RTFA? You don't even have to google - the links are right at the top of this page.
-- sudon't
Air-ride Equipped