PoisonTap unlocks any computer in 30 seconds

PoisonTap: Even the strongest passwords do not seem to be enough, as Samy Kamkar proves, and sometimes it takes no more than a few seconds.

Kamkar's new exploit is called PoisonTap, and it uses free software running on a Pi Zero microcomputer. After the Raspberry Pi is plugged into a USB adapter on the target computer, the device gets to work.

In 30 seconds, it bypasses the lock screen and starts installing a backdoor that works even after the device is removed from the USB port.

If you think a strong password will save you, you are wrong.

PoisonTap does not work this way. It does not try to guess your password, but bypasses it completely - and it seems to work.

After the PoisonTap device is connected, it begins to emulate a device that provides Internet access over USB. Once the target computer detects it, the computer assumes that it is connected via Ethernet and begins to send all unencrypted web traffic to the microcontroller.

Your existing network connection can't save you, as the device tricks the target computer into prioritizing its connection over the one you're already connected to.

Acting as a man-in-the-middle, the device then begins stealing all of the HTTP authentication cookies you've used to log in to your accounts, as well as the session data, from millions of the top Internet sites according to Alexa.

Because of the way it is designed, two-factor authentication may not help, since the connections are made with cookies stored by PoisonTap rather than with actual login credentials.

The only limit on its effectiveness is that it requires the user to have a browser tab open on the locked device. But the overwhelming majority of us do not close our browsers before closing the lid of our laptop.

Kamkar gave some tips to protect yourself, although he recognizes that most are not practical:

Set your computer to hibernate rather than sleep. In hibernation, the computer suspends all its processes.
Close your browser every time you close your machine.
Regularly clean your browser's cache.
Use full disk encryption.
Disconnect the USB ports.
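
The attack described above depends on the computer accepting a newly plugged USB device as a network interface. As an added example (not from the original article or from Kamkar's project), the following Python code lists the network interfaces on a Linux host whose hardware sits on a USB bus, so that an unexpected one can be spotted. It assumes the Linux sysfs layout; the sample tree with `eth0`, `usb0` and the `cdc_ether` driver is constructed for the demonstration.

```python
import os
import re
import tempfile

USB_BUS = re.compile(r"^usb\d+$")  # sysfs names USB root hubs usb1, usb2, ...

def usb_backed_interfaces(sysfs_net="/sys/class/net"):
    """Return {interface: driver} for NICs whose sysfs device sits on a USB bus."""
    found = {}
    for name in sorted(os.listdir(sysfs_net)):
        device = os.path.join(sysfs_net, name, "device")
        if not os.path.exists(device):  # virtual interfaces such as lo have no device link
            continue
        real = os.path.realpath(device)
        if any(USB_BUS.match(part) for part in real.split(os.sep)):
            driver = os.path.join(device, "driver")
            found[name] = (os.path.basename(os.path.realpath(driver))
                           if os.path.exists(driver) else "unknown")
    return found

def build_constructed_sysfs(root):
    """Constructed sample tree mimicking sysfs: one PCI NIC, one USB NIC, loopback."""
    layout = {
        "eth0": ("devices/pci0000:00/0000:00:1f.6", "bus/pci/drivers/e1000e"),
        "usb0": ("devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0",
                 "bus/usb/drivers/cdc_ether"),
    }
    net = os.path.join(root, "class", "net")
    os.makedirs(net)
    for iface, (dev, drv) in layout.items():
        dev_dir, drv_dir = os.path.join(root, dev), os.path.join(root, drv)
        os.makedirs(os.path.join(dev_dir, "net", iface))
        os.makedirs(drv_dir)
        os.symlink(drv_dir, os.path.join(dev_dir, "driver"))
        os.symlink(dev_dir, os.path.join(dev_dir, "net", iface, "device"))
        os.symlink(os.path.join(dev_dir, "net", iface), os.path.join(net, iface))
    lo_dir = os.path.join(root, "devices", "virtual", "net", "lo")
    os.makedirs(lo_dir)
    os.symlink(lo_dir, os.path.join(net, "lo"))
    return net

def demo():
    """Run the check against the constructed tree instead of the live /sys."""
    with tempfile.TemporaryDirectory() as root:
        return usb_backed_interfaces(build_constructed_sysfs(root))

if __name__ == "__main__":
    print(demo())
```

On a real machine, call `usb_backed_interfaces()` with no argument and compare the result against the USB network adapters you expect to be attached.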


Written by giorgos
