PoisonTap’s $5 device can hijack locked computers in a minute
How easy is it to break into a sleeping personal computer? All you need is a tiny $5 Raspberry Pi computer and freely available software, according to a disclosure from hacker Samy Kamkar.
The hack, called PoisonTap, works by tricking a locked computer into treating the Raspberry Pi, plugged into a USB port, as an Ethernet interface rather than an ordinary USB device. The computer, which by default prefers Ethernet over WiFi, then sends a DHCP request asking to be assigned an Internet Protocol address.
PoisonTap responds, making it appear that a huge range of IP addresses are available even though it’s not actually an Ethernet device, and allocates one to the computer. The computer accepts the assignment automatically, because that’s how it’s set up to operate.
Having allocated an IP address and hijacked the computer, the device then intercepts all unencrypted Web traffic, including any authentication cookies used to log into private accounts, and sends the data to a server under the attacker’s control. The hack also installs a backdoor that makes the computer’s browser and local network access remotely controllable. As if that were not bad enough, PoisonTap doesn’t have to remain connected to the computer: the hack infects the machine in under a minute.
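The DHCP step described above leaves a trace a defender can check for: a lease that declares an implausibly large address range to be on the local link. The following is an added example, not code from Kamkar or from this article; it assumes ISC dhclient lease-file syntax, and the sample leases, interface names and the /8 threshold are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient lease-file syntax (not from a real host).
SAMPLE_LEASES = '''
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
}
lease {
  interface "usb0";
  fixed-address 10.0.0.10;
  option subnet-mask 128.0.0.0;
}
'''

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
FIELD_RE = {
    "interface": re.compile(r'interface\s+"([^"]+)";'),
    "address": re.compile(r"fixed-address\s+([\d.]+);"),
    "mask": re.compile(r"option subnet-mask\s+([\d.]+);"),
}

def parse_leases(text):
    """Yield one dict per lease block that has interface, address and mask."""
    for block in LEASE_RE.findall(text):
        lease = {}
        for key, rx in FIELD_RE.items():
            match = rx.search(block)
            lease[key] = match.group(1) if match else None
        if all(lease.values()):
            yield lease

def oversized_leases(text, min_prefix=8):
    """Return (interface, network, size) for leases wider than /min_prefix.

    min_prefix=8 is an assumed threshold: an ordinary LAN is far smaller,
    so a lease putting more than a /8 on the local link deserves a look.
    """
    findings = []
    for lease in parse_leases(text):
        net = ipaddress.ip_network(f"{lease['address']}/{lease['mask']}", strict=False)
        if net.prefixlen < min_prefix:
            findings.append((lease["interface"], str(net), net.num_addresses))
    return findings

if __name__ == "__main__":
    for iface, net, size in oversized_leases(SAMPLE_LEASES):
        print(f"ALERT {iface}: lease claims {net} ({size} addresses) is on-link")
```

Tune `min_prefix` to the largest subnet your own network legitimately hands out; pairing this check with an alert on newly attached network interfaces while the screen is locked narrows false positives.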
“In a lot of corporate offices, it’s pretty easy: You walk around, find a computer, plug in PoisonTap for a minute, and then unplug it,” Kamkar explained in a blog post. The computer may be locked but PoisonTap “is still able to take over network traffic and plant the backdoor.”
Rapid7 Inc. Research Director of Transportation Security Craig Smith explained how it works in an email to SiliconANGLE:
There have been attacks that look similar to the PoisonTap; however, this one is exploiting a completely different system weakness. A key difference with PoisonTap is that it emulates a network device and attacks all outbound communications from the target system. This attack works on both Windows and Mac operating systems and can hijack a large number of connections, even if the machine is locked. If a user gets up to use the restroom — or even if it’s a kiosk that has disabled the keyboard, but the interface is a web backend — this device will still work.
The brilliance of the attack is actually in its simplicity: the most complex code in PoisonTap is the beautiful HTML5 canvas animation by Ara. On a $5 Raspberry Pi, Samy pulled together several clever attacks that add up to something really masterful.
The only way to protect against the exploit is essentially to disable USB ports entirely or use an encrypted sleep mode.
Image credit: Samy Kamkar