Stories
Slash Boxes
Comments

SoylentNews is people

Low-Cost "PoisonTap" Tool Can Compromise Locked Computers

posted by janrinok on Saturday November 19 2016, @05:42AM   Printer-friendly
from the smart dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

A new attack tool that can compromise locked computers will leave you wishing you could take your machine with you everywhere you go.

Dubbed PoisonTap, the tool consists of a Raspberry Pi Zero controller with a USB or Thunderbolt plug, loaded with open source software. All in all, this setup can be achieved by anyone who has $5 to spare.

What is PoisonTap capable of, you ask?

Plugged into a locked/password protected computer, it can hijack all Internet traffic from the machine, open the internal router to the attacker, collect HTTP cookies and sessions from web browsers, install a web-based backdoor in HTTP cache for hundreds of thousands of domains, install a backdoor into the machine that does not depend on the device being plugged in, and more. It is capable of compromising Macs and PCs running Windows.

There is also a YouTube video (5m22s).

Source: https://www.helpnetsecurity.com/2016/11/17/poisontap-compromise-locked-computers/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Low-Cost "PoisonTap" Tool Can Compromise Locked Computers | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by looorg on Saturday November 19 2016, @06:28AM

    by looorg (578) on Saturday November 19 2016, @06:28AM (#429307)

    Ohno! Hardware access to the machine can compromise it ... Say it ain't so! Anyway this seems like an actual fun and worthwhile Raspberry PI project.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2