There are numerous things you do to secure your computer — set up strong passwords, use data encryption, file vaults and what not. But you will be left baffled after learning about this new $5 device which can hack into your computer even when it’s locked.
The new device, called PoisonTap, can hack into your computer’s network even if it’s locked with a password, as long as the browser is running in the background.
You’re probably well-aware that plugging in a random USB to your device is as good as a kid accepting drug-laced candy from an abductor. Until and unless you’re sure about the USB’s content, and even after that unless you run the anti-virus programme to negate the threats out of the drive, you won’t be accessing it.
But PoisonTap doesn’t seem to pose a threat at the first sight, rather it connects as an Ethernet device over USB, exposing the user’s router, syphoning cookies and installing a web backdoor on password protected computers.
Serial hacker Samy Kamkar’s latest product is a dream come true for someone trying to gain remote access to a device that they don’t own.
The creator claims that he doesn’t intend PoisonTap to be a tool for intruders to gain backdoor entry into corporate entity networks, but wants to highlight the vulnerability of a locked computer to manufacturers so that they work towards user’s security more.
“PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable and microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle,” stated Samy Kamkar.
How does PoisonTap work?
According to the creator, as soon as PoisonTap — a $5 Raspberry Pi microcomputer loaded with Kamkar’s code — is plugged into a PC, it emulates an Ethernet device over USB. The computer then prioritises the Ethernet connection over battery sucking Wi-Fi and the hacker can seize control over all the internet traffic being sent from that device.
It then exposes the user’s Wi-Fi router, making it accessible to the attacker remotely (through WebSocket and DNS rebinding).
Next, the programme installs a web-based backdoor in HTTP cache via cache poisoning, allowing attackers to remotely force the hacked device to make HTTP requests and receive proxy back responses using the user’s cookies.
In simpler terms, PoisonTap accesses your computer using fake IPs, fooling your super-dumb computer into thinking that it’s sending data to websites, whereas all this while it sends data to the fake IPs.
Now as soon as one of the preloaded ads or analytics sends an HTTP request, PoisonTap sends back an immense amount of data-caching iframes for the top million ranked sites in Alexa’s database.
All this happens in under a minute, and these malicious iframes stay until someone manually clears them out.
You don’t even have to be there while all this happens and neither does the hacker. The installed backdoor works even when the USB is plugged out and can be remotely accessed by the hacker later to serve his purpose using your cookies, sessions and router.
Which Security Features does PoisonTap evade?
PoisonTap evades security mechanisms such as
- Password protected lock screens
- HTTP only cookies
- 2-factor authentication or Multi-factor authentication feature
- DNS pinning
- Cross-origin resource sharing
- SameSite cookie attributes
- Routing table priority and network interface service order
- Same-Origin Policy
- Cross-Origin Resource Sharing
Microsoft’s solution to PoisonTap?
Microsoft stated that for this hack to work, ‘physical access to the machine is required’, so the simplest solution would be to ‘avoid leaving laptops and computers unattended’.
It’s unclear what the software giant is trying to establish with their solution to a major security issue. Maybe, they just said it to lighten the mood around such a disturbing news, or perhaps, they really don’t have a solution to the problem.
You can as well put cement or jam in rubber and plastic to block your USB port forever. The hack works on systems running Windows, OS X and Linux.