Locking your computer with a password will not really serve its intended purpose – keeping your computer safe – if its USB ports are exposed. PoisonTap, a malicious tool that runs on a Raspberry Pi Zero, can easily work its way into your system through an exposed USB port.
Invasion has become ten steps easier and cheaper with PoisonTap, a tool created by engineer Samy Kamkar that costs an amazing $5/£4. It is software, freely available online, that runs on a device called the Raspberry Pi Zero. What is startling, and spine-chilling as well, for data-stacked servers and computers is how effortlessly the device can be plugged in to steal information.
With the device plugged in, hackers can sit back and relax: once the payment card-sized computer is plugged into a computer's USB slot, it intercepts all unencrypted Web traffic, including any authentication cookies used to log in to private accounts. PoisonTap then sends that data to a server under the attacker's control. The hack also installs a backdoor that makes the owner's Web browser and local network remotely controllable by the attacker.
However, PoisonTap does not work in isolation; your computer cooperates with it. PoisonTap announces itself not as a USB device but as an Ethernet interface. Your computer sends a DHCP request to be assigned an IP address, and the answer makes it appear that a huge range of IPs are not out there on remote servers but locally connected on the LAN, through this faux wired connection. The computer then sends data for those addresses to PoisonTap. Pre-loaded page items such as analytics and ads are the building blocks of the damage that follows: as soon as they become active, PoisonTap answers with data-caching HTML iframe tags that connect to the top one million websites ranked by Alexa. The whole task of stealing is finished in less than a minute, and yes, even on a locked computer!
The backdoors that PoisonTap installs make the Web browser and the router accessible to the hacker, by producing a persistent WebSocket and a DNS rebinding attack, respectively, for easy access to these internet-dependent, vulnerable entry points.
The chemistry between PoisonTap and your computer works because PoisonTap masquerades as the HTTP server for each site to fool your system. This enables the device to receive, store, and upload any non-encrypted authentication cookies that your system sends every time you log in.
This is not the only hack that Samy Kamkar has invented. He has already been the mind behind a bagful of low-cost hacks: MagSpoof, which can guess and steal the next credit card number before you've received it; RollJam, which can unlock almost every car or garage door; Combo Breaker, which can crack Master Lock combination padlocks in less than 30 seconds; and KeySweeper – a password-pilfering keylogger disguised as a USB charger.
Speculations can diverge in a variety of directions. While some may grow paranoid about the path being smoothed for hackers, this invention can definitely be considered a 'discovery' by Kamkar for computer and software engineers. It is now one of the many factors to be cognizant of when building future systems.
Kamkar himself says that the main foundation under PoisonTap was the apprehension that even locked computers are not secure. He has his own blog post where he lays out what exactly the tool is about and the possible code that has to be cracked to avoid it.
Suggestions have been pouring in as to how PoisonTap can be evaded. Kamkar suggests that operating systems should ask permission before connecting to a new and unknown network like PoisonTap instead of silently switching over from trusted Wi-Fi. Possible solutions also include measures like using sites that are protected by HTTPS encryption and that ensure cookies are transmitted securely. This prevents outside interception of the cookies by attack techniques like this one.
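The site-side half of that advice can be checked mechanically. The following is an added example, not code from Kamkar's PoisonTap project or from this article: it audits a response's headers for cookies set without the Secure attribute and, going one step beyond the article's list, for a missing Strict-Transport-Security (HSTS) header. The function names and sample headers are constructed for illustration.

```python
# Added example: audit HTTP response headers for the cookie mitigations above.

def parse_set_cookie(value):
    """Return (cookie_name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response.

    Returns a dict with:
      hsts             - True if Strict-Transport-Security is present
      insecure_cookies - names of cookies set without Secure, i.e. cookies the
                         browser also attaches to plaintext HTTP requests,
                         where a device on the network path can read them
    """
    result = {"hsts": False, "insecure_cookies": []}
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            result["hsts"] = True
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                result["insecure_cookies"].append(cookie)
    return result


# Constructed sample responses (hypothetical sites, not captured traffic).
WEAK_SITE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; SameSite=Lax"),
]
HARDENED_SITE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "auth=xyz; Expires=Wed, 21 Oct 2026 07:28:00 GMT; secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit_response(hdrs))
```

Any cookie name reported under `insecure_cookies` is one the browser would hand over on an unencrypted request, which is exactly the traffic the article says PoisonTap intercepts.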
End users can also do their part to prevent any venom from PoisonTap by closing their browsers, even if the intention is to lock the computer eventually. For Mac users it is recommended to enable FileVault2 and to put their machine to sleep after use, since browsers are unable to make requests in such cases.
Nonetheless, a Microsoft spokesperson affirmed that for PoisonTap to really work, physical access to a machine is required. Hence shielding your laptop will take on the literal meaning of shielding the USB ports and carrying the laptop with you all the time.
The invention can definitely be welcomed as a discovery making us more aware, rather than catching us unawares.