Privacy Blog

"Friends don’t let friends get spied on." – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

A Cheap New USB Dongle Can Take Over A PC Even if it is Locked

Serial hacker Samy Kamkar has released his latest invention, a tiny USB dongle that, whether plugged into a locked or unlocked PC, installs a set of web-based backdoors that in many cases allow an attacker to gain access to the victim’s online accounts, corporate intranet sites, or even their router.

“In a lot of corporate offices, it’s pretty easy: You walk around, find a computer, plug in PoisonTap for a minute, and then unplug it,” Kamkar says. The computer may be locked, he says, but PoisonTap “is still able to take over network traffic and plant the backdoor.”

There is some good news, however. First, the new USB dongle only attacks the web browser(s) installed on the computer. Second, it only works on sites that use HTTP rather than the far more secure HTTPS protocol, which signals to a browser to only share cookie data with a verified site.
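For site operators, that HTTP-only limitation comes down to two response headers: a cookie marked Secure is never sent over plain HTTP, and a Strict-Transport-Security (HSTS) header tells the browser to refuse plain HTTP for the site. The Python below is an added example, not code from Kamkar or this blog; the sample headers and the 180-day HSTS threshold are constructed assumptions.

```python
# Added example: audit response headers for plain-HTTP cookie exposure.
# Sample headers are constructed for illustration, not captured from a real site.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=300"),
]
MIN_HSTS_AGE = 15552000  # 180 days; threshold is an assumption of this example


def directives(text):
    """Parse 'a=1; b; c=2' into {'a': '1', 'b': '', 'c': '2'} with lowercased keys."""
    out = {}
    for part in text.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip().strip('"')
    return out


def audit(headers):
    """Return findings for headers that leave cookies reachable over plain HTTP."""
    findings, hsts = [], None
    for name, value in headers:
        if name.lower() == "set-cookie":
            pair, _, rest = value.partition(";")
            cookie = pair.split("=", 1)[0].strip()
            # Attribute names are case-insensitive, so compare lowercased keys.
            if "secure" not in directives(rest):
                findings.append(f"cookie {cookie!r} lacks Secure")
        elif name.lower() == "strict-transport-security":
            hsts = directives(value)
    if hsts is None:
        findings.append("no Strict-Transport-Security header")
    else:
        age = hsts.get("max-age", "")
        age = int(age) if age.isdigit() else 0  # missing or malformed counts as 0
        if age < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age {age} is below {MIN_HSTS_AGE}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(finding)
```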

Kamkar’s intention with PoisonTap isn’t to make it easier for stealthy intruders to install backdoors on corporate networks. Instead, he says, he wants to show that even locked computers are more vulnerable than security-conscious users might think. He quickly shares his invention’s details with computer manufacturers and with Microsoft and other software firms, enabling them to issue patches to correct the problem before the information falls into the hands of hackers.

You can

Categories: Hardware
