Serial hacker Samy Kamkar has released his latest invention, a tiny USB dongle that, whether plugged into a locked or unlocked PC, installs a set of web-based backdoors that in many cases allow an attacker to gain access to the victim’s online accounts, corporate intranet sites, or even their router.
“In a lot of corporate offices, it’s pretty easy: You walk around, find a computer, plug in PoisonTap for a minute, and then unplug it,” Kamkar says. The computer may be locked, he says, but PoisonTap “is still able to take over network traffic and plant the backdoor.”
There is some good news, however. The new USB dongle only attacks the web browser(s) installed in the computer. Next, it only works on sites that use HTTP rather than the far more secure HTTPS protocol, which signals to a browser to only share cookie data with a verified site.
Kamkar’s intention with PoisonTap isn’t to make it easier for stealthy intruders to install backdoors on corporate networks. Instead, he says, he wants to show that even locked computers are more vulnerable than security-conscious users might think. He quickly shares his invention’s details with computer manufacturers and with Microsoft and other software firms, enabling them to issue patches to correct the problem before the information falls into the hands of hackers.
You can read more at https://goo.gl/NzXWxI.