Well-known hardware hacker Samy Kamkar has ane time once to a greater extent than devised a inexpensive exploit tool, this fourth dimension that takes precisely thirty seconds to install a privacy-invading backdoor into your computer, fifty-fifty if it is locked alongside a potent password.
Dubbed PoisonTap, the novel exploit tool runs freely available software on a tiny $5/£4 Raspberry Pi Zero microcomputer, which is attached to a USB adapter.
The assault industrial plant fifty-fifty if the targeted calculator is password-protected if a browser is left opened upward inward the computer's background.
All an aggressor call for is to plug the nasty device inward the target calculator together with wait.
Here's How PoisonTap works:
Once plugged into a Windows or Mac calculator via USB port, the tiny device starts impersonating a novel ethernet connection.
Even if the victim's device is connected to a WiFi network, PoisonTap is programmed inward such a agency that tricks the calculator into prioritizing its network connexion to PoisonTap over the victim's WiFi network.
With that man-in-the-middle position, PoisonTap intercepts all unencrypted all Web traffic together with steals whatsoever HTTP authentication cookies used to log into individual accounts equally good equally sessions for the Alexa top 1 Million sites from the victim's browser.
PoisonTap hence sends that information to a server controlled yesteryear the attacker.
Kamkar said that cookie stealing is possible equally long equally a spider web browser application is running inward the background, fifty-fifty if the application is non actively used.
So fifty-fifty if y'all are away from your machine, in that place are e'er chances that at to the lowest degree ane tab inward your browser is open, which even hence periodically loads novel bits of HTTP information such equally ads or intelligence updates, which create non role HTTPS spider web encryption.
The Hacking Tool Allows Attacker to Remotely Control your Computer
Here's the kick: The hacking tool also allows an aggressor to install persistent web-based backdoors inward HTTP cache for hundreds of thousands of domains, making the victim's Web browser equally good equally local network remotely controllable yesteryear the attacker.
The assault also allows "an aggressor to remotely forcefulness the user to brand HTTP requests together with proxy dorsum responses (GET & POSTs) alongside the user’s cookies on whatsoever backdoored domain," Kamkar said.
Even after PoisonTap is unplugged from the targeted computer, the backdoors even hence remain, together with the hacker volition even hence move able to remotely hit command of the target device at a afterward time.
What's more? Since the hacking tool siphons cookies together with non credentials, the hacker tin also hijack the target user's online accounts fifty-fifty if the victim has two-factor authentication (2FA) enabled.
Kamkar points out that his tool tin also bypass several other safety mechanisms, such equally same-origin policy (SOP), X-Frame-Options HTTP reply headers, HttpOnly cookies, DNS pinning, equally good equally cross-origin resources sharing (CORS).
Watch the Video Demonstration
You tin also sentry the given video published yesteryear Kamkar, explaining how the easily the assault tin move carried out.
How y'all tin Protect Yourself from such Attacks
Kamkar says in that place is no slowly educate for users, though y'all tin avoid such assault yesteryear always:
- Setting your computers to hibernate rather than slumber that suspends all processes on the computer.
- Closing all spider web browsers every fourth dimension y'all walk away from your computer.
- Patiently clearing browser's cache.
- Using full-disk encryption applications (for e.g. FileVault 2) inward combination alongside "deep sleep" mode.
- Or, merely disabling your USB port.
In addition, Web server operators tin protect their customers yesteryear properly implementing HTTPS together with using HSTS (HTTP Strict Transport Security) to preclude downgrade attacks.
Samy Kamkar is the engineer behind a long listing of low-cost hacks, including MagSpoof that tin gauge together with pocket side yesteryear side Credit Card Number earlier you've received it; RollJam that tin unlock close every machine or garage door; Combo Breaker that tin cleft Master Lock combination padlocks inward less than thirty seconds; together with KeySweeper — a password-pilfering keylogger disguised equally a USB charger.
Kamkar has released the PoisonTap's code equally good equally a detailed weblog post, hence y'all tin caput on to them for the detailed explanation.
