Poison Tap: This $5 USB Device Can Hijack Any Locked Computer


Poison Tap, a USB device that costs no more than $5, can hack into web browser cookies and other parts of any computer just by being plugged into a spare USB port, claims Samy Kamkar, the developer of the USB device. Kamkar built the device out of a Raspberry Pi microcomputer.


Poison Tap makes hacking child’s play

In a YouTube video, the device was shown hacking a Mac. The USB device hijacks all web traffic once connected to the password-protected and locked Mac by pretending to be a standard Internet connection. Kamkar claims that there is no reason Poison Tap will not work on other computing platforms like PCs powered by Windows. As long as the web browser is running on the target PC, the USB device steals cookies.

Apparently, the USB device requires no expertise to use, and if the need arises, the hack can be carried out by Poison Tap remotely. Once triggered, the hack steals cookies, enabling hackers to spoof the identity of a user across any social media platform or other website for which cookies were stored on the PC. The developer indicates that the target machine doesn’t need to be unlocked to gain access, but a web browser must be running, at least in the background.


The interesting thing is that the hacker can potentially use the stolen cookie data to access the websites that the user visited. In addition, the hacker can sign in as the user without entering username and password information.

A plausible security threat

Poison Tap is a plausible threat, according to security outfit Trend Micro’s Rik Ferguson. Two-step authentication may not be sufficient to keep people safe because the USB device is able to intercept cookies and pretend to be in an open session, Ferguson told the BBC.

“[In normal circumstances] Even when you are not using a web browser it is still making requests and communicating – due to updates or ads. Once the device is plugged in it exploits that communication and steals session cookies from the top one million websites,” Ferguson told the BBC.

According to Ferguson, Poison Tap is especially a threat to users who often leave their PC unattended. The only secure way to guard against the USB device is to use an encrypted connection like HTTPS.

“The most important thing they can do is use exclusively HTTPS, this would also be a fantastic step forward for the web,” says Ferguson.
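For site operators, the HTTPS advice above can be checked from response headers. The following is an added example, not code from the article or from Kamkar: it flags pages served over plain HTTP, session cookies set without the standard `Secure` attribute, and HTTPS responses with no active `Strict-Transport-Security` (HSTS) policy. The article names neither mechanism; the hosts and header values are constructed sample data.

```python
# Added example: audit one HTTP response for settings that leave cookies
# readable by anything that can intercept plain-HTTP traffic.

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs

def hsts_enabled(headers):
    """True only if an HSTS header is present with max-age greater than 0."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip('"')
            if key.lower() == "max-age" and val.isdigit():
                return int(val) > 0   # max-age=0 switches HSTS off
    return False

def audit_response(url, headers):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("plain-http")
    elif not hsts_enabled(headers):
        findings.append("hsts-missing-or-disabled")
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:   # cookie is also sent over HTTP
                findings.append("cookie-without-secure:" + cookie)
    return findings

# Constructed sample responses (hypothetical hosts).
SAMPLES = [
    ("http://shop.example/", [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]),
    ("https://bank.example/", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=xyz; Path=/; Secure; HttpOnly")]),
    ("https://forum.example/", [
        ("Strict-Transport-Security", "max-age=0"),
        ("Set-Cookie", "auth=tok; Secure"),
        ("Set-Cookie", "prefs=dark; Path=/")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers) or "ok")
```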


Aman holds an MBA (Finance) and has experience on both the marketing and finance sides. He has worked as a Risk Analyst for AIR Worldwide, and is currently leading VeRa FinServ, a financial research firm. Favorite pastimes include watching science fiction movies, reviewing tech gadgets, playing PC games and cricket. - Email him at amanjain@valuewalk.com