Submitted via IRC for TheMightyBuzzard
A new attack tool that can compromise locked computers will leave you wishing you could take your machine with you everywhere you go.
Dubbed PoisonTap, the tool consists of a Raspberry Pi Zero controller with a USB or Thunderbolt plug, loaded with open source software. All in all, this setup can be achieved by anyone who has $5 to spare.
What is PoisonTap capable of, you ask?
Plugged into a locked/password protected computer, it can hijack all Internet traffic from the machine, open the internal router to the attacker, collect HTTP cookies and sessions from web browsers, install a web-based backdoor in HTTP cache for hundreds of thousands of domains, install a backdoor into the machine that does not depend on the device being plugged in, and more. It is capable of compromising Macs and PCs running Windows.
There is also a YouTube video (5m22s).
Source: https://www.helpnetsecurity.com/2016/11/17/poisontap-compromise-locked-computers/
(Score: 2) by looorg on Saturday November 19 2016, @06:28AM
Ohno! Hardware access to the machine can compromise it ... Say it ain't so! Anyway this seems like an actual fun and worthwhile Raspberry PI project.