This $5 Device Can Take Over a Computer—Even If It's Locked

Samy Kamar

Samy Kamar just released his latest hacking creation, and it is terrifying. Dubbed “Poison Tap,” Kamar’s new home brew device allows someone to plant a backdoor on a computer in just one minute, even when the device is locked.

Kamar’s method for installing the backdoor is unconventional and totally ingenious. Poison Tap targets the victim’s browser cache and injects the malicious code there. Traditionally, attacks would attempt to install malware onto the computer, but by instead going after the browser cache, Poison Tap can bypass some security measures and anti-virus software.

Advertisement

Poison Tap’s software runs off of a a microSD card inserted into a $5 Raspberry Pi. Once it is plugged in, Poison Tap acts as if it was Ethernet to USB device and its setting make it so that the computer begins to send network traffic to Poision Tap, hijacking all network traffic. From there, it “siphons and stores” cookies and session from the web browser of just about every website. Then Poison Tap gains access to the computer’s internal router, and it’s game over. An attacker can now remotely send code to the victim’s computer via the web. Once Poison Tap is unplugged, the backdoor stays on the computer, allowing an attacker essentially unmitigated access to the victim’s computer.

Samy Kamar

Kamar has publicly released the source code to Poision Tap, so that any would-be hacker can try it out for themselves. The best way to protect yourself, Kamar says, is to encrypt your computer and it put it into sleep mode whenever you walk away from it. You could do that, but Kamar also suggests filling your USB ports with cement.

[Wired]

Advertisement

Share This Story

About the author

William Turton

Staff Writer, Gizmodo | Send me tips: william.turton@gizmodo.com

TwitterPosts
PGP Fingerprint: 88DF AB75 FAFC 1D10 4C45 A875 CA45 ABE6 B08D 8E52PGP Key
OTR Fingerprint: 47F02E79 399AB8FA CC2A4DEF 4573B25F 18AB41D2