“PoisonTap” Device Made Using $5 Raspberry Pi Can Easily Hack Password-Protected Computers
The lock screen of a computer is the ultimate locked door which every hacker seeks to break. This is because the lock screen protects the access of a PC/laptop to unauthorized access. Many hackers have tried to devise ways and means to break this ultimate door be it on Windows, Mac or Linux run PC/laptops. A hacker used a $50 device called Hak5 LAN Turtle to do the same while our very own Samy Khamkar had better ideas.
He has created a hacking device that allows attackers to easily gain access to a password-protected computer, hijack all its Internet traffic, and install backdoors. He has created this ultimate hack tool called PoisonTap using just $5 Rasberry Pi and running on Node.js. A person wanting to hack the lock screen password has to just plug in the $5 PoisonTap to Windows or Mac computer via USB, the device starts loading the exploits needed to compromise the machine without asking for the lock screen password.
The PoisonTap uses the similar method $50 device called Hak5 LAN Turtle and targets the weak Ethernet authentication in Mac and Windows PC. Once the PoisonTap is connected, the hacking tool emulates an Ethernet device over USB. The Windows/Mac PC recognizes the PoisonTap as Ethernet device it loads it as a low-priority network device and sends it a DHCP request. The PoisonTap then starts hijacking the internet traffic by taking control of IPv4 space. Once this is done, Poison can steal HTTP cookies and sessions for the Alexa top 1 million websites from the victim’s browser.
Khamkar has said that cookie siphoning is possible even if the web browser is not actively used. As long as the application is running in the background, it’s likely that at least one of the open webpages is making HTTP requests.
PoisonTap can then install backdoors for hundreds of thousands of domains, and open a remote access channel to the victim’s router.
Since PoisonTap steals cookies and not credentials, the attacker can hijack the victim’s online accounts even if they have two-factor authentication (2FA) enabled. Furthermore, HTTPS protection is bypassed if the “secure” cookie flag and HSTS are not enabled. Khamkar says PoisonTap can also bypass several other security mechanisms, including same-origin policy (SOP), HttpOnly cookies, X-Frame-Options HTTP response headers, DNS pinning and cross-origin resource sharing (CORS).
The interesting part is that PoisonTap needed to connect only once to the target PC. Once it is connected and it installs the backdoors, the hacker has access to the exploited PC even when it is disconnected.