Raspberry Pi Zero device can hack a computer in less than a minute

The £4 microcomputer can carry out a hack in seconds, even if it's locked

Despite complicated passwords and other security measures, PCs can still be vulnerable to hacking, even from a small device that costs under 5.

The so-called PoisonTap, developed by privacy and security researcher Samy Kamkar, is made out of a Rasperry Pi Zero microcomputer, which costs 4, and a common USB cable. When plugged into a computer, it can steal login details to websites in less than a minute.

The device hijacks the computer's internet traffic by giving it an IP address, easily stealing the users' login details for websites like Facebook or Gmail.

It prompts the computer to send requests from the web browser to websites to steel its cookies, which often contain login details of the person or people who generally use the browser.

These details are then sent to the hacker through the PoisonTap, allowing them to access users' personal accounts.

After it has been unplugged, the PoisonTap still maintains backdoor and remote access to the computer.

It works on locked computers as well, if the user happens to have left web browsers open. This can be detrimental in work places, where employees might have left their computer unattended to participate in a meeting or take a break.

The device is ideal for such circumstances, as it needs under a minute to work (usually around 30 seconds), and can carry out the whole process without unlocking the PC.

Security analyst Graham Cluley told IT Pro: "I'm not sure this is a huge threat to the typical computer user, but that if an attacker gets physical access to your turned-on PC then we often find that all bets are off."

In a post presenting the device, its creator, Kamkar, said: "Closing your browser every time you walk away from your machine can work, but is entirely impractical."

Instead, he suggests using HTTPS exclusively, at least for authentication and authenticated content, as well as ensuring the Secure flag is enabled on cookies, and using HSTS to prevent HTTPS downgrade attacks.

Finally, he also provides some Desktop Security advice, such as adding cement to USB and Thunderbolt ports or disabling them entirely.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Turn your Raspberry Pi into an aircraft tracker
Mobile

Turn your Raspberry Pi into an aircraft tracker

13 Jun 2020
SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021