Submitted via IRC for TheMightyBuzzard
A new attack tool that can compromise locked computers will leave you wishing you could take your machine with you everywhere you go.
Dubbed PoisonTap, the tool consists of a Raspberry Pi Zero controller with a USB or Thunderbolt plug, loaded with open source software. All in all, this setup can be achieved by anyone who has $5 to spare.
What is PoisonTap capable of, you ask?
Plugged into a locked/password protected computer, it can hijack all Internet traffic from the machine, open the internal router to the attacker, collect HTTP cookies and sessions from web browsers, install a web-based backdoor in HTTP cache for hundreds of thousands of domains, install a backdoor into the machine that does not depend on the device being plugged in, and more. It is capable of compromising Macs and PCs running Windows.
There is also a YouTube video (5m22s).
Source: https://www.helpnetsecurity.com/2016/11/17/poisontap-compromise-locked-computers/
(Score: 3, Informative) by dlb on Saturday November 19 2016, @02:40PM
True of this proof of concept. Just wait until it emulates a composite device containing both a network adapter and a keyboard. Then it can Win+R* http://somecommandandcontrol.example [somecommandandcontrol.example] and take over.
If I understand it, PoisonTap spoofs an nds server to collect non-secured cookies from websites without an https connection. The cookies are then used to log into those sites with authentication information stored in a cookie. This would require a person to have an open login to that site. If no such cookies and login states exist, then the exploit is dead-ended.
PoisonTap might be a way to implement a man-in-the-middle, but I don't see how it could compromise the computer directly. And if a person is standing there alone with your computer, and free to bring any hardware along, he probably has better exploits to use.