SoylentNews is people

posted by janrinok on Saturday November 19 2016, @05:42AM
from the smart dept.

Submitted via IRC for TheMightyBuzzard

A new attack tool that can compromise locked computers will leave you wishing you could take your machine with you everywhere you go.

Dubbed PoisonTap, the tool consists of a Raspberry Pi Zero controller with a USB or Thunderbolt plug, loaded with open source software. All in all, this setup can be achieved by anyone who has $5 to spare.

What is PoisonTap capable of, you ask?

Plugged into a locked/password protected computer, it can hijack all Internet traffic from the machine, open the internal router to the attacker, collect HTTP cookies and sessions from web browsers, install a web-based backdoor in HTTP cache for hundreds of thousands of domains, install a backdoor into the machine that does not depend on the device being plugged in, and more. It is capable of compromising Macs and PCs running Windows.

There is also a YouTube video (5m22s).

Source: https://www.helpnetsecurity.com/2016/11/17/poisontap-compromise-locked-computers/


  • (Score: 2) by darkfeline on Saturday November 19 2016, @09:15PM

    by darkfeline (1030) on Saturday November 19 2016, @09:15PM (#429620) Homepage

    If someone has physical access to a running machine, they can dump your entire disk unencrypted and install all manner of backdoors and keyloggers.

    So yeah, this attack is kind of pointless.

    It does bring up an interesting point though: should machines drop disk/RAM decryption while the machine is locked? It's nontrivial, but it's possible. It'd also be rather tedious typing a long LUKS password every time to log in. Perhaps a better solution would be to disable all (new?) peripherals except the keyboard during screen lock.

    --
    Join the SDF Public Access UNIX System today!
  • (Score: 2) by rob_on_earth on Monday November 21 2016, @11:39AM

    by rob_on_earth (5485) on Monday November 21 2016, @11:39AM (#430445) Homepage

    There have been numerous examples of physical machines sporting a USB port in public places. Cash machines, cash registers, ATMs, voting systems, doctors' and hospital computers that the patient is left alone with.

    The fun ones are where the manufacturer hides the USB port but it's still there. I am sure there was a series of attacks where ATMs were drilled to expose the port.
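
The mitigation suggested in darkfeline's comment above (refusing new peripherals while the screen is locked) can be approximated on Linux with the kernel's USB authorization interface in sysfs; the same control applies to the unattended kiosks and terminals rob_on_earth mentions. This is an added example, not part of the story or of either comment. The function names, the `lock`/`unlock` arguments and the optional directory parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stop the kernel from binding drivers to USB devices that are
# plugged in while the screen is locked. Devices already connected (keyboard,
# mouse) stay authorized; only new arrivals are held back.
# Interface used: /sys/bus/usb/devices/usbN/authorized_default (0 or 1).

# set_usb_default <0|1> [sysfs_usb_dir]
# Writes the value to every USB host controller and prints how many were set.
# The directory argument is hypothetical, added so the function can be run
# against a scratch directory instead of the live sysfs tree.
set_usb_default() {
    value=$1
    root=${2:-/sys/bus/usb/devices}
    case $value in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 2 ;;
    esac
    changed=0
    for f in "$root"/usb*/authorized_default; do
        [ -e "$f" ] || continue            # glob matched nothing
        if printf '%s\n' "$value" > "$f"; then
            changed=$((changed + 1))
        else
            echo "cannot write $f (root required)" >&2
            return 1
        fi
    done
    [ "$changed" -gt 0 ] || { echo "no USB host controllers under $root" >&2; return 1; }
    echo "$changed"
}

# list_unauthorized [sysfs_usb_dir]
# Prints "<bus-port> <product>" for each device the kernel is holding back,
# so anything plugged in during the lock can be reviewed after unlocking.
list_unauthorized() {
    root=${1:-/sys/bus/usb/devices}
    for f in "$root"/*/authorized; do
        [ -e "$f" ] || continue
        [ "$(cat "$f")" = 0 ] || continue
        dev=${f%/authorized}
        product=unknown
        [ -r "$dev/product" ] && product=$(cat "$dev/product")
        echo "${dev##*/} $product"
    done
}

# Assumed wiring: run "lock" from the screen locker's lock hook, "unlock" after.
case ${1:-} in
    lock)   set_usb_default 0 ;;
    unlock) set_usb_default 1 && list_unauthorized ;;
esac
```

Devices listed after unlocking remain unauthorized until an administrator writes `1` to their `authorized` file, which leaves the decision about an unexpected device to a person rather than to the kernel's default.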