Do you ever leave your computer unattended because you feel confident that your login password will keep people out? You might want to think again. Recently, a Los Angeles-based software engineer named Samy Kamkar designed a piece of… well… software that he calls Poison Tap. Poison Tap is designed to bypass any password-locked computer and open the machine to remote access without the user knowing anything about it.
Poison Tap was designed to be run on a $5 device called the Raspberry Pi Zero. A Raspberry Pi Zero is a minuscule computer that can fit in the palm of your hand. Using a Pi Zero, a USB adapter, and of course the Poison Tap software itself, anyone can compromise your computer in just sixty seconds. That is a brief time to be away from your computer, which makes this hack particularly dangerous for a large portion of computer users.
After this process is complete, Poison Tap acquires and collects all of the target user’s unencrypted login cookies. The hacker can then use the stolen cookie data to access all websites the user visited, using the user’s own login details. The only positive aspect of this attack is that cookies from sites that were visited over a secure connection (https://) cannot be obtained through the attack.
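For site operators, the distinction above between unencrypted and https:// cookies can be checked from a site's own response headers. The following Python script is an added example, not part of the original article or of Poison Tap; it assumes the standard `Secure` cookie attribute is what keeps a cookie off unencrypted connections, and its sample headers and function names are constructed for illustration.

```python
"""Audit Set-Cookie headers for cookies a browser would send over plain http://."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: session=abc123; Path=/; HttpOnly",
    "Set-Cookie: auth=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: prefs=dark; Max-Age=31536000",
    "Set-Cookie: __Secure-id=ghi789; Secure; Path=/",
    "Content-Type: text/html",
]


def parse_set_cookie(header_line):
    """Return (name, attributes) for a Set-Cookie line, or None for other headers."""
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        return None
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flags such as Secure carry no value.
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(header_lines):
    """Split cookie names into those exposed on http:// and those limited to https://."""
    exposed, protected = [], []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        (protected if "secure" in attrs else exposed).append(name)
    return {"exposed_over_http": exposed, "https_only": protected}


if __name__ == "__main__":
    result = audit(SAMPLE_HEADERS)
    for name in result["exposed_over_http"]:
        print(f"[!] {name}: no Secure attribute, sent on unencrypted requests")
    for name in result["https_only"]:
        print(f"[ok] {name}: Secure, sent only over https://")
```

Any login or session cookie reported as exposed is a candidate for adding the `Secure` attribute.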
Now that Poison Tap has been used in the wild, we suggest a few security measures. First, and easiest to implement, do not leave your computer unattended. Second, we suggest completely closing your web browser before shutting your computer’s lid. In all mainstream web browsers (Chrome, Edge, Firefox, etc.) you have the ability to pick up where you left off after closing the browser. Lastly, we suggest that you clear your browsing history on a regular basis.
Poison Tap throws out the conventional thinking about first-layer computer security. The software’s ability to bypass standard security measures such as password protection, two-factor authentication, DNS pinning, and more, even when the system is locked and/or sleeping, is very concerning. Following our suggestions will help you defend your system from would-be hackers attempting to open the Poison Tap on your unsuspecting computer.
For a more detailed breakdown, please visit the software developer’s site.