Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / $5 Tool Hacks Locked Computers
PoisonTap $5 Device Can Hack Even Password-Protected PCs
PoisonTap $5 Device Can Hack Even Password-Protected PCs
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
The most expensive security systems running on the most advanced devices can now be circumvented using nothing more than a $5 tool and access to a USB port. Even password-protected machines are at risk as there's little they can do to prevent the attack besides filling their USB ports with cement.

The attack was developed by hacker and security researcher Samy Kamkar, who built the tool using only some code and a Raspberry Pi Zero. PoisonTap, as he's dubbed the device, is able to siphon cookies, expose internal routers and install Web backdoors on even locked machines.

Web-Based Backdoor

When plugged into a locked or password-protected PC, PoisonTap is able to momentarily take over all Internet traffic by spoofing the IP addresses of the top 1 million Web sites. It then siphons and stores all the HTTP cookies placed by those Web sites on the target machine.

The tool also exposes the internal network router, making it accessible to the attacker remotely. It then installs a Web-based backdoor in HTTP cache for hundreds of thousands of domains. That backdoor persists even after the device is removed, giving the attacker the ability to hijack the machine remotely at a later time.

PoisonTap works by emulating an Ethernet-over-USB device. The computer than attempts to make a DHCP (Dynamic Host Configuration Protocol) request to the device, which returns an IP address while making it appear as though almost all IP addresses on the Internet are actually part of the LAN (local area network). The response forces the target computer to route its Internet traffic to PoisonTap instead of the actual Internet.

The strategy allows PoisonTap to exploit any browser running on a machine, even in cases where it is running in the background. Any automatic HTTP requests made by an advertisement, AJAX request, or dynamic Web content, causes PoisonTap to respond with attack code that is then interpreted by the browser. Once executed, the code launches 1 million hidden iframes to the top Web sites, stealing all the cookies being sent.

Use File System Encryption

There is little device users can currently do to protect their computers against the PoisonTap attack other than enabling file system encryption and putting their machines to sleep whenever other users can gain physical access to them. Only the Web servers can defend against a PoisonTap attack by using the secure flag on cookies and only allowing the HTTPS protocol to be used, instead of HTTP.

The device also poisons the cache of each domain, indefinitely force caching a Web-based backdoor that produces a Web socket to a command and control server run by the attacker. Whenever the socket is open, the attacker can remotely send commands to the target machine and force its browser to execute JavaScript code.

The attacker can also make requests from Web sites as the victim, with the user's cookies, and view the responses from the site without the victim being aware of the penetration.

Tell Us What You Think


Posted: 2016-11-17 @ 5:10pm PT
Note that he demonstrated this on a Mac not a PC.

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.