PoisonTap can bypass even the strongest passwords. PHOTO: SCREENGRAB/YOUTUBE
I've released PoisonTap; attacks *locked* machines, siphons cookies, exposes router & backdoors browser w/RasPi&Node https://t.co/mbTAti33wy
— samy kamkar (@samykamkar) November 16, 2016
Called the PoisonTap, the device is based on a $5 Raspberry Pi Zero microcomputer paired with free software that can hijack a computer and steal its data.
Google Pixel hacked by Chinese team within 60 seconds
Once plugged in, PoisonTap imitates itself as an Ethernet connection prioritised over the existing Wi Fi network. The computer is tricked into sending unencrypted web traffic, including HTTP authentication cookies to PoisonTap.
It installs a backdoor such that the device works even after its removed from the USB port. The gadget goes on to scan the data and is even capable of overcoming two-factor authentication.
However, there is a catch. PoisonTap only works if a computer's browser tab is open in the background!
Probe of leaked US NSA hacking tools examines operative's 'mistake'
Meanwhile, Kamkar has highlighted a few tips to save a computer from malicious devices:
1) Keep the computer in hibernate mode over sleep as it suspends all processes in the background
2) Close web browsers when your computer is idle and clear its cache regularly
3) Prevent access by disabling USB ports if you’re concerned about physical attacks to your computer
This article originally appeared on The Next Web
COMMENTS (1)
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ