PoisonTap, a $5 Hacking Device That Can Prove to Be Costly

Technology can be used for both good and bad. As cyber researchers and developers continue to develop state of the art security features, the same set of skills can be used to circumvent them as well. Samy Kamkar, a hardware hacker has proven it with his PoisonTap device.

The PoisonTap, comprising of a Raspberry Pi Zero microcomputer along with a USB adapter, costing no more than $5 is capable of wreaking havoc. According to reports, the device with free to use software can be used to create a backdoor entry into any locked computer in less than 30 seconds. Effective against Windows, Linux and Mac OS based machines, the backdoor created by the device can be used by a hacker to intercept all unencrypted web traffic, steal HTTP authentication cookies to access private accounts and sessions from the compromised browser. In order to do that, all it needs is one open browser tab or a webpage loading unencrypted data (even ads).

Among various concerns about the potential misuse of PoisonTap by those with malicious intent, theft of Bitcoin is one. A hacker can easily make use of the compromised computer to log into the victim’s online Bitcoin wallet by using the authentication cookies, bypassing two-factor authentication. Once successfully accessed, he can transfer the balance to his own account. However, for the attacker to infect the computer, he will have to access the machine physically and plug the PoisonTap device into one of the USB ports.

According to a technology website, there are few precautions one can take to prevent PoisonTap from being installed on the computer. The best way is by not leaving the computer unattended while it is still running. Otherwise, one can either choose to close all the open browsers before putting the device to sleep; put the computer on hibernate mode instead of sleep mode; disable all USB drives on the computer; clear browser’s cache frequently; or use full disk encryption applications in combination with deep sleep option.

Most of the precautionary steps are impractical, especially when one has to frequently move away from the device for shorter durations. However, keeping the security in mind it is better to put up with these minor inconveniences. To be on the safer side, those with the habit of storing their Bitcoin in online wallets should switch to physical Bitcoin wallets for safe keeping.

Ref: HackerNews | Image:  Shutterstock