You need to be more careful the next time you leave your computer unattended at your office, as it costs hackers just $5 and only 30 seconds to hack into any computer.
Well-known hardware hacker Samy Kamkar has once again devised a cheap exploit tool, this time one that takes just 30 seconds to install a privacy-invading backdoor on your computer, even if it is locked with a strong password.
Dubbed PoisonTap, the new exploit tool runs freely available software on a tiny $5/£4 Raspberry Pi Zero microcomputer, which is attached to a USB adapter.
The attack works even if the targeted computer is password-protected, as long as a browser is left open in the background.
All an attacker needs to do is plug the device into the target computer and wait.
Here’s How PoisonTap works:
Once plugged into a Windows or Mac computer via a USB port, the tiny device starts impersonating a new Ethernet connection.
Even if the victim's device is connected to a WiFi network, PoisonTap is programmed in a way that tricks the computer into prioritizing its network connection to PoisonTap over the victim's WiFi network.
With that man-in-the-middle position, PoisonTap intercepts all unencrypted Web traffic and steals any HTTP authentication cookies used to log into private accounts, as well as sessions for the Alexa top 1 Million sites, from the victim's browser.
PoisonTap then sends that data to a server controlled by the attacker.
Kamkar said that cookie stealing is possible as long as a web browser application is running in the background, even if the application is not actively used.
So even if you are away from your machine, there is always a chance that at least one tab in your browser is open and still periodically loads new bits of HTTP data, such as ads or news updates, that do not use HTTPS web encryption.
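A defender-side check that follows from the cookie theft described above, added here as an example (it is not code from PoisonTap or from Kamkar): it audits a site's response headers for cookies the browser would attach to a plain-HTTP request, which is what an on-path device can read. The header values are constructed samples and the function names are hypothetical.

```python
# Constructed sample response headers (not captured from a real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth=def456; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def hsts_enabled(value):
    """True when the HSTS header carries a positive max-age."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return val.isdigit() and int(val) > 0
    return False


def audit_response(headers):
    """Report cookies that would travel over plain HTTP, and HSTS status."""
    exposed, hsts = [], False
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            # Without Secure the browser sends the cookie on http:// requests.
            # HttpOnly only hides it from page scripts, not from the network.
            if "secure" not in attrs:
                exposed.append((cookie, "httponly" in attrs))
        elif lname == "strict-transport-security":
            # HSTS makes the browser refuse plain HTTP to this host, but only
            # after it has seen the header once (or the host is preloaded).
            hsts = hsts or hsts_enabled(value)
    return {"exposed": exposed, "hsts": hsts}


if __name__ == "__main__":
    report = audit_response(SAMPLE_HEADERS)
    for cookie, httponly in report["exposed"]:
        print(f"{cookie}: sent over plain HTTP (HttpOnly={httponly})")
    print("HSTS enabled:", report["hsts"])
```
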
The Hacking Tool Allows Attacker to Remotely Control your Computer
Here’s the kicker: The hacking tool also allows an attacker to install persistent web-based backdoors in the HTTP cache for hundreds of thousands of domains, making the victim’s Web browser as well as the local network remotely controllable by the attacker.
The attack also allows “an attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain,” Kamkar said.
Even after PoisonTap is unplugged from the targeted computer, the backdoors still remain, and the hacker will still be able to remotely gain control of the target device at a later time.
What’s more? Since the hacking tool siphons cookies and not credentials, the hacker can also hijack the target user’s online accounts even if the victim has two-factor authentication (2FA) enabled.
Kamkar points out that his tool can also bypass several other security mechanisms, such as same-origin policy (SOP), X-Frame-Options HTTP response headers, HttpOnly cookies, DNS pinning, as well as cross-origin resource sharing (CORS).