Samy Kamkar just released his latest hacking creation, and it is terrifying. Dubbed “PoisonTap”, Kamkar’s creation allows someone to plant a backdoor on a computer in just one minute, even when the device is locked.
Kamkar’s method for installing the backdoor is unconventional, but totally ingenious. PoisonTap targets the victim’s browser cache and injects the malicious code there. Traditionally, attacks would attempt to install malware onto the computer, but by instead going after the browser cache, PoisonTap can bypass some security measures and anti-virus software.
PoisonTap’s software runs off a microSD card inserted into a $US5 ($7) Raspberry Pi. Once it is plugged in, PoisonTap presents itself as an Ethernet-over-USB device, and its settings make the computer begin sending its network traffic to PoisonTap, hijacking all network traffic. From there, it “siphons and stores” cookies and sessions from the web browser for just about every website. Then PoisonTap gains access to the computer’s internal router, and it’s game over. An attacker can now remotely send code to the victim’s computer via the web. Once PoisonTap is unplugged, the backdoor stays on the computer, allowing an attacker essentially unmitigated access to the victim’s computer.
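A defender-side check for the traffic hijack described above, as an added example that is not from the article or from PoisonTap's source: it scans Linux `ip -4 route show` output for an interface that claims a very large slice of the IPv4 space as directly attached. The route shapes, the interface name `usb0`, the `/8` threshold and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of Linux `ip -4 route show` output; not captured from a real host.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
0.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.10 metric 100
128.0.0.0/1 dev usb0 scope link metric 100
unreachable 10.99.0.0/16 metric 50
"""

MIN_PREFIX = 8  # assumption: no real LAN is directly attached to more than a /8


def overbroad_onlink_routes(route_text, min_prefix=MIN_PREFIX, allowed_devs=()):
    """Return {interface: [networks]} for on-link routes wider than min_prefix.

    An on-link route has no "via" gateway: the host believes those addresses sit
    on the attached segment, so the route beats the normal default gateway.
    """
    findings = {}
    for line in route_text.splitlines():
        tokens = line.split()
        if "dev" not in tokens or "via" in tokens:
            continue  # no interface named, or an ordinary gateway route
        dev_pos = tokens.index("dev") + 1
        if dev_pos >= len(tokens) or tokens[dev_pos] in allowed_devs:
            continue  # malformed line, or an interface the operator trusts (e.g. a VPN)
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # typed routes such as "unreachable ..." or "blackhole ..."
        if net.prefixlen < min_prefix:
            findings.setdefault(tokens[dev_pos], []).append(str(net))
    return findings


if __name__ == "__main__":
    for dev, nets in overbroad_onlink_routes(SAMPLE_ROUTES).items():
        print(f"ALERT: {dev} claims {', '.join(nets)} as directly attached")
```

Some VPN clients install similarly wide routes on their tunnel interface, so pass those interface names in `allowed_devs` before alerting on the result.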
Kamkar has publicly released the source code to PoisonTap, so that any would-be hacker can try it out for themselves. The best way to protect yourself, Kamkar says, is to encrypt your computer and put it into sleep mode whenever you walk away from it. You could do that, but Kamkar also suggests filling your USB ports with cement.
Kamkar made a neat video giving a demo of his terrifying invention:
Comments
5 responses to “This $7 Device Can Takeover A Computer, Even If It’s Locked”
Great tech but you have to have physical access to the computer you want to target.
Cool, say if you buy a laptop from eBay that is password locked, this would help you get around that lock. I think it's more impressive and challenging to get remote access to a locked computer, not that I do that or think that it's cool to do so 🙂
Why even bother going down this route when all you would have to do is boot up Hiren and blank the Windows SAM file that holds the passwords. Free and quick.
If you don’t have physical security, you don’t have security.
If you’re that worried, couldn’t you disable the USB ports in the BIOS?
Until a rootkit re-enables them…