Nov 23, 2016 08:10 AM EST
How To Hack A Locked Computer Using The $5 ‘Poison Tap’ [Video]
A developer has created a $5 tool that can hack into screen-locked computers as long as the web browser is left running.
Los Angeles-based computer engineer Samy Kamkar revealed his creation, which he calls the Poison Tap and which costs only $5. The USB device can bypass any password-locked computer and opens the machine to remote access without the user knowing anything about it.
Kamkar made a YouTube video of himself demonstrating Poison Tap on a Macintosh computer but hinted that it should also work on other platforms, according to BBC News. The device is plugged into the computer's USB port; once plugged in, it masquerades as the internet and begins to hijack all traffic.
The Poison Tap is a minuscule Raspberry Pi Zero computer that makes the target laptop or PC think it is connecting to a network. Once all unencrypted traffic is hijacked, it injects HTML into the open web browser pretending to serve up the correct pages to the computer.
The hacker can then use the stolen cookie data to access all websites the user visited, using the user's own login details, MacRumors reported. All this happens in less than a minute, without having to unlock the computer, and the compromise remains on the machine even after Poison Tap has been unplugged.
What's mind-boggling is that the Poison Tap bypasses standard security measures such as password protection, two-factor authentication, DNS pinning and more. The device dupes the operating system by identifying itself as a LAN that encompasses the entire internet.
For his part, Kamkar also explained in the YouTube video how to protect unattended machines against possible attacks from Poison Tap and similar devices. The most basic measures are taking your laptop with you, always closing your browser windows, or enabling FileVault 2 if you use a Mac. Server admins, on the other hand, can enforce HTTPS at entry level.
For those who are responsible enough and want to try Poison Tap out, you'll need the $5 Raspberry Pi Zero and Kamkar's software, available at his site.
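A defensive check for the server-side advice above, as an added example that is not from the article or from Kamkar's software: it audits a response's headers for two standard HTTPS-enforcement controls, the HSTS header and the cookie Secure attribute. Neither control is named in the article; the function name and the sample headers are constructed for illustration.

```python
def audit_https_enforcement(headers):
    """Check one HTTPS response's headers, given as (name, value) pairs.

    Returns a list of findings; an empty list means both controls are set.
    """
    findings = []

    # HSTS tells the browser to use only HTTPS for this host.
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security header")
    else:
        max_age = ""
        for part in hsts[0].split(";"):
            key, _, value = part.strip().partition("=")
            if key.lower() == "max-age":
                max_age = value.strip('"')
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("HSTS max-age is missing or zero")

    # A cookie without Secure is also sent on unencrypted requests.
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        first, *attrs = v.split(";")
        name = first.split("=", 1)[0].strip()
        flags = {a.strip().split("=", 1)[0].lower() for a in attrs}
        if "secure" not in flags:
            findings.append(f"cookie '{name}' lacks the Secure attribute")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_https_enforcement(sample))
```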