Thursday, November 17, 2016

Hack Locked Computer using $5 Device (PoisionTap)

If you think that your computer is safe when it is locked with a strong password, then Samy Kamkar’s device PoisionTap will make you wrong. This cheap exploit tool takes just 30 seconds to install a privacy-invading backdoor into your computer.

PoisionTap, a tiny $5 Raspberry Pi Zero microcomputer loaded with Node.js code and attached to a USB adapter. Inventor has publicly released the source code to PoisionTap, so that any would-be hacker can try it out for themselves.

If you are a hacker and want to hack or get information of any of your coworker in your office. All you need is to plug this device in the target computer and wait. PoisonTap targets the victim’s browser cache and injects the malicious code there.

Once the hacking tool is recognized by the target machine, it is loaded as a low-priority network device that starts impersonating a new Ethernet connection and runs a DHCP request across it. The machine sends a DHCP request to the tool that in response tells it that the entire IPv4 address space is part of PoisonTap’s local network. In this way, the entire traffic it routed through the PoisonTap device before reaching the legitimate gateway to the Internet. With this trick, it intercepts all unencrypted Web traffic and steals any HTTP authentication cookies used to log into private accounts as well as sessions for the Alexa top 1 Million sites.

PoisonTap will give you an invisible position on the local network to connect to the intranet site and send data to a remote server. Now this computer will be in your control even after this tool is unplugged from the targeted computer. Since it uses siphons cookies, you can also hijack the target user's online accounts even they are secured with two-factor authentication (2FA).

Inventor says “it can also bypass many other security mechanisms, including same-origin policy (SOP), HttpOnly cookies, X-Frame-Options HTTP response headers, DNS pinning and cross-origin resource sharing (CORS). Whenever the websocket is open, the attacker can remotely send commands to the victim and force their browser to execute JavaScript code

There is no easy fix available for users as long as a web browser application is running in the background.