Raspberry Pi Zero device can hack a computer in less than a minute

The £4 microcomputer can carry out a hack in seconds, even if it's locked

Despite complicated passwords and other security measures, PCs can still be vulnerable to hacking, even from a small device that costs under 5.

The so-called PoisonTap, developed by privacy and security researcher Samy Kamkar, is made out of a Rasperry Pi Zero microcomputer, which costs 4, and a common USB cable. When plugged into a computer, it can steal login details to websites in less than a minute.

The device hijacks the computer's internet traffic by giving it an IP address, easily stealing the users' login details for websites like Facebook or Gmail.

It prompts the computer to send requests from the web browser to websites to steel its cookies, which often contain login details of the person or people who generally use the browser.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

These details are then sent to the hacker through the PoisonTap, allowing them to access users' personal accounts.

After it has been unplugged, the PoisonTap still maintains backdoor and remote access to the computer.

It works on locked computers as well, if the user happens to have left web browsers open. This can be detrimental in work places, where employees might have left their computer unattended to participate in a meeting or take a break.

The device is ideal for such circumstances, as it needs under a minute to work (usually around 30 seconds), and can carry out the whole process without unlocking the PC.

Security analyst Graham Cluley told IT Pro: "I'm not sure this is a huge threat to the typical computer user, but that if an attacker gets physical access to your turned-on PC then we often find that all bets are off."

In a post presenting the device, its creator, Kamkar, said: "Closing your browser every time you walk away from your machine can work, but is entirely impractical."

Advertisement - Article continues below

Instead, he suggests using HTTPS exclusively, at least for authentication and authenticated content, as well as ensuring the Secure flag is enabled on cookies, and using HSTS to prevent HTTPS downgrade attacks.

Finally, he also provides some Desktop Security advice, such as adding cement to USB and Thunderbolt ports or disabling them entirely.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/hardware/32939/raspberry-pi-opens-its-first-high-street-store-in-cambridge
Hardware

Raspberry Pi opens its first high street store in Cambridge

7 Feb 2019
Visit/hardware/33891/raspberry-pi-4-model-b-review-back-and-better-than-ever
Hardware

Raspberry Pi 4 Model B review: Back, and better than ever

22 Jan 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020