The most expensive security systems running on the most advanced devices can now be circumvented using nothing more than a $5 tool and access to a USB port. Even password-protected machines are at risk as there’s little they can do to prevent the attack besides filling their USB ports with cement.
The attack was developed by hacker and security researcher Samy Kamkar, who built the tool using only some code and a Raspberry Pi Zero. PoisonTap, as he’s dubbed the device, is able to siphon cookies, expose internal routers and install Web backdoors on even locked machines.
When plugged into a locked or password-protected PC, PoisonTap is able to momentarily take over all Internet traffic by spoofing the IP addresses of the top 1 million Web sites. It then siphons and stores all the HTTP cookies placed by those Web sites on the target machine.
The tool also exposes the internal network router, making it accessible to the attacker remotely. It then installs a Web-based backdoor in HTTP cache for hundreds of thousands of domains. That backdoor persists even after the device is removed, giving the attacker the ability to hijack the machine remotely at a later time.
PoisonTap works by emulating an Ethernet-over-USB device. The computer then sends a DHCP (Dynamic Host Configuration Protocol) request to the device, which returns an IP address while making it appear as though almost all IP addresses on the Internet are actually part of the LAN (local area network). Because the host treats those addresses as directly reachable neighbours, the response forces the target computer to route its Internet traffic to PoisonTap instead of to the actual Internet.
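To show why such a DHCP response redirects traffic, and what a host-side check could look for, here is an added Python illustration (not part of Kamkar's PoisonTap code). The lease data is constructed, and a single 128.0.0.0 netmask stands in for the broad on-link range described above.

```python
import ipaddress

# Constructed DHCP lease data (not captured from a real host). The second
# lease is the kind a rogue USB Ethernet device could hand out: a netmask so
# short that half of the IPv4 Internet appears to be on the local link.
NORMAL_LEASE = {"interface": "eth0", "address": "192.168.1.23", "netmask": "255.255.255.0"}
SUSPICIOUS_LEASE = {"interface": "usb0", "address": "1.0.0.1", "netmask": "128.0.0.0"}

# Well-known public addresses a legitimate LAN should never claim as neighbours.
PROBE_ADDRESSES = ("8.8.8.8", "1.1.1.1", "93.184.216.34")


def onlink_network(lease):
    """Return the IPv4 network the lease tells the host is directly reachable."""
    return ipaddress.IPv4Interface(f"{lease['address']}/{lease['netmask']}").network


def assess_lease(lease, max_hosts=2 ** 16):
    """Flag a lease whose on-link range is implausibly large or covers public IPs."""
    net = onlink_network(lease)
    public_on_link = [ip for ip in PROBE_ADDRESSES if ipaddress.IPv4Address(ip) in net]
    return {
        "interface": lease["interface"],
        "network": str(net),
        "hosts_on_link": net.num_addresses,
        "public_on_link": public_on_link,
        "suspicious": net.num_addresses > max_hosts or bool(public_on_link),
    }


def chosen_interface(dest, leases, default_iface="eth0"):
    """Longest-prefix match: any on-link route beats the default route 0.0.0.0/0,
    so a /1 claimed by the USB device captures traffic to half the Internet."""
    addr = ipaddress.IPv4Address(dest)
    best_iface, best_len = default_iface, 0
    for lease in leases:
        net = onlink_network(lease)
        if addr in net and net.prefixlen > best_len:
            best_iface, best_len = lease["interface"], net.prefixlen
    return best_iface


if __name__ == "__main__":
    for lease in (NORMAL_LEASE, SUSPICIOUS_LEASE):
        print(assess_lease(lease))
    print("8.8.8.8 leaves via", chosen_interface("8.8.8.8", [NORMAL_LEASE, SUSPICIOUS_LEASE]))
```

Run on real hosts, the same check would read the address and netmask of each newly attached interface instead of the constructed leases.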
The strategy allows PoisonTap to exploit any browser running on a machine, even in cases where it is running in the background. Any automatic HTTP requests made by an advertisement, AJAX request, or…