$5 Device Can Hack your Password-Protected Computers in Just One Minute

November 16, 2016

You need to be more careful next time while leaving your computer unattended at your office, as it cost hackers just $5 and only 30 seconds to hack into any computer.

Well-known hardware hacker Samy Kamkar has once again devised a cheap exploit tool, this time that takes just 30 seconds to install a privacy-invading backdoor into your computer, even if it is locked with a strong password.

Dubbed PoisonTap, the new exploit tool runs freely available software on a tiny $5/£4 Raspberry Pi Zero microcomputer, which is attached to a USB adapter.

The attack works even if the targeted computer is password-protected if a browser is left open in the computer’s background.

All an attacker need is to plug the nasty device in the target computer and wait.

Once plugged into a Windows or Mac computer via USB port, the tiny device starts impersonating a new ethernet connection.

Even if the victim’s device is connected to a WiFi network, PoisonTap is programmed in such a way that tricks the computer into prioritizing its network connection to PoisonTap over the victim’s WiFi network.

With that man-in-the-middle position, PoisonTap intercepts all unencrypted all Web traffic and steals any HTTP authentication cookies used to log into private accounts as well as sessions for the Alexa top 1 Million sites from the victim’s browser.

PoisonTap then sends that data to a server controlled by the attacker.

Read full story…