Samy Kamkar, a security researcher and hacking expert in the US, has just devised a new, quick-n-easy technology to hack any computer in just 30 seconds. And the technology costs all of $5.
Cheekily named PoisonTap, the device unveils further chinks in the digital security and privacy armour and has already worried security and ethical hacking experts around the world.
What is PoisonTap?
PoisonTap needs to be connected to a Raspberry Pi Zero device to work, which is essentially the world's smallest computer (it uses bare bones circuitry and costs just $5).
PoisonTap is attached to the computer via the Raspberry Pi Zero device through ports in the devices, much like a USB would. Once connected, it can hack into almost any computer/laptop in the world.
Setting strong passwords will not help. PoisonTap does not actually break or try to guess the password of the device. Instead, it bypasses the password altogether, which means that the strength or simplicity of a device's password makes absolutely no difference to PoisonTap's functioning.
How does it hack computers?
The device uses free software to hack into a foreign computer via its USB port, but does not act as a USB device. Instead, it presents itself to the host computer as an Ethernet interface.
When the host computer asks to be assigned an IP address (it automatically shifts from Wi-Fi to the 'Ethernet device' to save power), PoisonTap presents it with fictitious IPs apparently connected to the LAN via the 'Ethernet'. The host computer sends sensitive data to all the fictitious IPs.
Then it steals all HTTP authentication cookies that are used on the computer to log in to private accounts, as well as session data from a million of the web’s top sites. The tap is effective even after the device has been removed from the USB port.
All this in half a minute.
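A defender-side check for the behaviour described above, where the device makes fictitious addresses appear to be on the local network: this added example (not from the original article or from Kamkar's project) parses Linux `ip -4 route show` output and flags any interface that claims an implausibly large share of IPv4 space as directly reachable. The interface names, the sample routes and the one-/8 threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: a client never legitimately has more than one /8 worth of
# addresses directly on-link (no gateway) through a single interface.
MAX_ONLINK_ADDRESSES = 2 ** 24

# Constructed sample of `ip -4 route show` output (not captured from a real host).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
0.0.0.0/1 dev usb0 scope link
128.0.0.0/1 dev usb0 scope link
default dev tun0 scope link
"""

def parse_route(line):
    """Return (dev, network, has_gateway) for one route line, or None."""
    tokens = line.split()
    if "dev" not in tokens[:-1]:
        return None
    dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
    try:
        network = ipaddress.IPv4Network(dest, strict=False)
    except ValueError:  # typed routes such as "unreachable ..." are skipped
        return None
    return tokens[tokens.index("dev") + 1], network, "via" in tokens

def overbroad_onlink(route_text, trusted_devs=()):
    """Map each untrusted interface to the on-link address count it claims,
    keeping only interfaces above MAX_ONLINK_ADDRESSES."""
    onlink = defaultdict(list)
    for line in route_text.splitlines():
        parsed = parse_route(line)
        if parsed is None:
            continue
        dev, network, has_gateway = parsed
        if not has_gateway and dev not in trusted_devs:
            onlink[dev].append(network)
    flagged = {}
    for dev, nets in onlink.items():
        # Merge overlapping/adjacent routes so split ranges are counted once.
        covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
        if covered > MAX_ONLINK_ADDRESSES:
            flagged[dev] = covered
    return flagged

if __name__ == "__main__":
    for dev, covered in overbroad_onlink(SAMPLE_ROUTES, trusted_devs={"tun0"}).items():
        print(f"{dev}: {covered / 2**32:.0%} of IPv4 space claimed as on-link")
```

Point-to-point tunnels can legitimately carry an on-link default route, which is why known VPN interfaces are passed in `trusted_devs` rather than flagged.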
How to protect your computer from PoisonTap?
Well, the truth is, you can't really.
Inventor Samy Kamkar says:
“If I were Apple/Microsoft, I would have network devices (actually, probably any USB device except a mouse or keyboard) ask the user if they want to allow it to operate…at least the first time it’s plugged in,”
Since there is no way of preventing the attack, experts are urging computer users to not leave their laptops and computers unattended. PoisonTap even hijacks locked computers.
Other tips to protect your computer include:
- Close the browser tab every time you leave your device. The tap cannot work unless an internet browser is open.
- Turn on Hibernate mode when away from the device.
- Keep clearing browser caches regularly.
- Disable the USB.
And if nothing works, carry your device on your person at all times, even when you go to the bathroom.
Nothing is safe anymore!