Technology - - Nov 18,2016
The serial Hacker has coined the name, ‘PoisonTap’ for this fully automated device which he created on a Raspberry Pi microcomputer. He uploaded a video on YouTube showing what the device does when it breaks into a computer and hacks it in minutes.
The device can work on other systems, as well as like a USB Armory and LAN Turtle. Samy demonstrated PoisonTap working on a Macintosh computer and confirmed it can also work on other platforms.
The device will work only if the user has left a browser open in the background. Once plugged into the USB port, it copies a network device and attacks all outbound connections by pretending to be the whole internet and thus, the computer sends all data to it. The device then uses system’s cookies- small files that stores information about internet use in a system.
After stealing all the cookies, the hacker can access any website without the need of username or password. However, the device cannot steal cookies of the websites that use HTTPS (hypertext transfer protocol secure) web encryption.
PoisonTap can also hack Mac and Windows operated systems, which boasts st of a high security and restricted connectivity.
Some of the ways in which users can protect their computers from PoisonTap are by closing their browser every time they finish their work, disabling USB ports when turning off the computer or switching to encrypted sleep mode.
Experts call this device a considerable threat, some said that even when someone is not using a web browser, it continues making requests and communicating due to background updates and ads. This device steals session cookies from the top one million websites, thus expanding the reach of its threats.
The device is entirely automatic and fairly inexpensive. All that is needed to do is to plug it in for a minute and the hacker will have everything he needs.