Submitted via IRC for TheMightyBuzzard
A new attack tool that can compromise locked computers will leave you wishing you could take your machine with you everywhere you go.
Dubbed PoisonTap, the tool consists of a Raspberry Pi Zero controller with a USB or Thunderbolt plug, loaded with open source software. All in all, this setup can be achieved by anyone who has $5 to spare.
What is PoisonTap capable of, you ask?
Plugged into a locked/password protected computer, it can hijack all Internet traffic from the machine, open the internal router to the attacker, collect HTTP cookies and sessions from web browsers, install a web-based backdoor in HTTP cache for hundreds of thousands of domains, install a backdoor into the machine that does not depend on the device being plugged in, and more. It is capable of compromising Macs and PCs running Windows.
There is also a YouTube video (5m22s).
Source: https://www.helpnetsecurity.com/2016/11/17/poisontap-compromise-locked-computers/
(Score: 2) by The Mighty Buzzard on Saturday November 19 2016, @11:27AM
You are correct, good sir. Problem corrected.
My rights don't end where your fear begins.