You can access a password-protected computer in minutes with a $5 Raspberry Pi Zero and Node.js

Be careful the next time you leave your computer unattended at the office!

Some time ago I spoke about a USB dongle that allows access to password-locked computers in a few seconds.

Now the hardware hacker Samy Kamkar has released a similar tool that allows you to install a backdoor on a target system by simply connecting it to the USB port for a few seconds.

The new tool is called PoisonTap. It runs freely available software on a tiny Raspberry Pi Zero microcomputer; once plugged into the USB port of a Windows or Mac computer, it impersonates a new Ethernet connection and starts a man-in-the-middle attack.


How does it work?

From Samy’s post:

When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer, it:

  • emulates an Ethernet device over USB (or Thunderbolt)
  • hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
  • siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
  • exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
  • installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning
  • allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
  • does not require the machine to be unlocked
  • backdoors and remote access persist even after device is removed and attacker sashays away

Kamkar has also published a video demo of the tool:

For all technical explanations, refer to the original post:

https://samy.pl/poisontap/


How can I protect my computer against PoisonTap?

Kamkar's own suggestions are ironic and of limited practical use:

  • Adding cement to your USB and Thunderbolt ports can be effective
  • Closing your browser every time you walk away from your machine can work, but is entirely impractical
  • Disabling USB/Thunderbolt ports is also effective, though also impractical
  • Locking your computer has no effect, as the network and USB stacks operate while the machine is locked. However, going into an encrypted sleep mode where a key is required to decrypt memory (e.g., FileVault2 + deep sleep) solves most of the issues, as your browser will no longer make requests, even if woken up
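The list above offers no detective control, so here is one as an added example (not code from Kamkar's post or from this article). PoisonTap takes over traffic, as the "hijacks all Internet traffic" bullet in the how-it-works section describes, because its DHCP reply claims a "local" subnet that covers essentially the whole IPv4 space; such directly connected routes are more specific than the real default route, so they win regardless of interface priority. The script parses a routing table in the style of Linux `ip route show` (the sample table and the `usb0`/`wlan0` names are constructed) and flags any interface whose connected routes cover an implausibly large share of IPv4.

```python
"""Flag interfaces whose connected routes swallow the IPv4 space (PoisonTap-style hijack)."""
import ipaddress

# Constructed sample in the style of `ip route show` output; not a real capture.
# usb0 is the rogue USB Ethernet gadget, wlan0 the legitimate uplink.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
0.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.2 metric 100
128.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.2 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
"""


def parse_routes(text):
    """Yield (network, interface, is_connected) for each IPv4 route line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dst, strict=False)
        if net.version != 4:
            continue  # keep the coverage arithmetic IPv4-only
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        # "scope link" marks a directly connected route, i.e. what a DHCP subnet mask produces.
        connected = "scope" in fields and fields[fields.index("scope") + 1] == "link"
        yield net, dev, connected


def ipv4_coverage_by_interface(text):
    """Fraction of all IPv4 addresses each interface claims as directly connected."""
    nets_by_dev = {}
    for net, dev, connected in parse_routes(text):
        if connected and dev:
            nets_by_dev.setdefault(dev, []).append(net)
    # collapse_addresses merges overlapping/adjacent prefixes so nothing is counted twice
    return {
        dev: sum(n.num_addresses for n in ipaddress.collapse_addresses(nets)) / 2**32
        for dev, nets in nets_by_dev.items()
    }


def suspicious_interfaces(text, threshold=0.01):
    """Interfaces whose connected routes cover more than `threshold` of IPv4 (1% is beyond a /7)."""
    coverage = ipv4_coverage_by_interface(text)
    return sorted(dev for dev, frac in coverage.items() if frac > threshold)


if __name__ == "__main__":
    print("suspicious:", suspicious_interfaces(SAMPLE_ROUTES))  # prints ['usb0']
```

On a real host, feed it the output of `ip route show`; a hit on a freshly attached USB network interface is the signal to pull the device and treat active browser sessions as exposed.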
