PoisonTap Hijacker


If you lock your computer and walk away, it takes only 30 seconds for a hacker armed with a small $5 Raspberry Pi Zero, which is loaded with devious code, to completely pwn your password-protected computer and install remotely accessible backdoors.

PoisonTap, the latest creation of hacker and developer Samy Kamkar, has a long list of wicked slick capabilities, including the fact that after an attacker removes the device from a USB port, a backdoor and remote access will persist on both your computer and your router.

When inserted into a USB port, PoisonTap tricks a computer into believing it was just plugged into a new Ethernet connection that takes over all internet traffic.

Even if your computer is locked, be that a Mac or PC, any HTTP-based site left open in a browser window keeps making HTTP requests in the background. PoisonTap intercepts all of that unencrypted web traffic and sends it to an attacker-controlled server. By capturing the non-encrypted authentication cookies in those requests, an attacker can log in to the user’s accounts.

Here’s a review of all of PoisonTap’s capabilities:

  • Emulates an Ethernet device over USB
  • Hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
  • Siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
  • Exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding
  • Installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user’s cookies via cache poisoning
  • Allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
  • Does not require the machine to be unlocked
  • Backdoors and remote access persist even after device is removed and attacker sashays away

Security recommendations, for both server administrators and device owners:

  • First and foremost, all websites should run via HTTPS
  • HSTS should be used together with HTTPS
  • The Secure flag must be set on cookies at all times, to prevent websites from accidentally sending cookies over HTTP
  • Servers should use Subresource Integrity (SRI) for delivering JavaScript files
  • Blocking access to USB and Thunderbolt ports (Kamkar recommends using cement, as a joke)
  • Closing browsers when walking away from a PC
  • Putting the PC in sleep mode when walking away
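As an added example (not code from the original post or from Kamkar’s PoisonTap project), the Python script below audits a captured HTTPS response against the server-side recommendations above: HSTS present with an adequate max-age, every cookie carrying the Secure flag, and every cross-origin script tag carrying a Subresource Integrity attribute. The two sample responses, the one-year HSTS threshold, and the `sha384-PLACEHOLDERHASH` value are constructed for illustration and are not taken from any real site.

```python
"""Audit a raw HTTP response for the three server-side PoisonTap mitigations:
HSTS, the Secure cookie flag, and SRI on cross-origin scripts.
Added example; not part of the original post or the PoisonTap project."""
import re
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# One year is a common baseline for HSTS max-age (assumption, not from the post).
MIN_HSTS_MAX_AGE = 31536000


def parse_raw_response(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.1 response into a list of (name, value) headers and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.scripts.append({k.lower(): (v or "") for k, v in attrs})


def audit_response(raw: str, page_origin: str) -> List[str]:
    """Return a list of findings; an empty list means all three checks passed."""
    findings: List[str] = []
    headers, body = parse_raw_response(raw)
    page_host = urlparse(page_origin).netloc.lower()

    # 1. HSTS: header must exist and carry a max-age at or above the baseline.
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security header")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age below {MIN_HSTS_MAX_AGE}: {hsts[0]}")

    # 2. Every Set-Cookie must carry the Secure attribute.
    for n, v in headers:
        if n == "set-cookie":
            cookie_name = v.split("=", 1)[0].strip()
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                findings.append(f"cookie {cookie_name!r} lacks Secure flag")

    # 3. Scripts loaded from another origin (e.g. a CDN) must have an integrity attribute.
    collector = ScriptCollector()
    collector.feed(body)
    for s in collector.scripts:
        src = s.get("src")
        if not src:
            continue
        host = urlparse(src).netloc.lower()
        if host and host != page_host and not s.get("integrity"):
            findings.append(f"cross-origin script {src} lacks integrity attribute")
    return findings


# Constructed sample responses (not captured from any real server).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: pref=dark; Path=/; Secure\r\n"
    "\r\n"
    '<html><head><script src="https://cdn.example.net/lib.js"></script>'
    '<script src="/local.js"></script></head><body></body></html>'
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly; Secure\r\n"
    "\r\n"
    '<html><head><script src="https://cdn.example.net/lib.js" '
    'integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>'
    "</head><body></body></html>"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp, "https://www.example.com") or "OK")
```

Run against the weak sample it reports the missing HSTS header, the session cookie without Secure, and the CDN script without SRI; the hardened sample comes back clean. The same-origin `/local.js` is deliberately skipped, since SRI protects against a third party (or a cache-poisoned CDN copy) serving altered content, not against your own origin.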

FOR MORE INFORMATION CALL ABM COMPUTERS 510.522.4921


About ABM COMPUTERS

Originally Alameda Typewriter, ABM COMPUTERS has served the entire San Francisco Bay Area with professional, first-rate IT support and computer sales from the same location since 1939. Building on decades of experience, along with a dedicated team, we continue to provide standout in-shop and on-site services and comprehensive, affordable solutions for all your computing needs.

Posted on November 21, 2016, in Computer Advice.
