November 16, 2016
You need to be more careful next time while leaving your computer unattended at your office, as it cost hackers just $5 and only 30 seconds to hack into any computer.
Well-known hardware hacker Samy Kamkar has once again devised a cheap exploit tool, this time that takes just 30 seconds to install a privacy-invading backdoor into your computer, even if it is locked with a strong password.
Dubbed PoisonTap, the new exploit tool runs freely available software on a tiny $5/£4 Raspberry Pi Zero microcomputer, which is attached to a USB adapter.
The attack works even if the targeted computer is password-protected if a browser is left open in the computer’s background.
All an attacker need is to plug the nasty device in the target computer and wait.
Once plugged into a Windows or Mac computer via USB port, the tiny device starts impersonating a new ethernet connection.
Even if the victim’s device is connected to a WiFi network, PoisonTap is programmed in such a way that tricks the computer into prioritizing its network connection to PoisonTap over the victim’s WiFi network.
With that man-in-the-middle position, PoisonTap intercepts all unencrypted all Web traffic and steals any HTTP authentication cookies used to log into private accounts as well as sessions for the Alexa top 1 Million sites from the victim’s browser.
PoisonTap then sends that data to a server controlled by the attacker.