The digital world offers a lot of things that can make our lives easier. However, there are some people who will try to cause harm to other users online. There are already many inexpensive devices out there that are specifically designed to inflict serious damage to electronics. Now, one of the latest of these devices that you should be aware of is Poison Tap, which can easily steal data from your computer.
What Is Poison Tap
Poison Tap is a hacking device built by security researcher and computer hacker Samy Kamkar using an inexpensive ($5) Raspberry Pi Zero microcomputer. It has the ability to hijack a system by just connecting to the USB port. What makes this device very dangerous is that it will still work even with a locked or password-protected computer.
Basically, this hacking device tricks a computer into thinking that it is just an ordinary network adapter. Once it establishes access to the system, it can pose danger to the user in a variety of ways. According to Kamkar, it allows the attacker to break into the victim’s web accounts without being detected, even with two-factor authentication protection or SSL connection. It can then steal data, intercept network traffic, and re-route requests. While Kamkar demonstrated Poison Tap working on a Mac computer, he implicated that it will also work on all operating systems.
How Poison Tap Works
Once Poison Tap is inserted into a computer, it sneakily inserts a malicious code into the browser cache. It will stay in the system even after the cache is cleared. It also has the ability to quickly infect a system, which means that a computer will always be at risk even if it is only briefly unattended. So, how does this device work, specifically?
Poison Tap hijacks the network.
Poison Tap acts like a Linux microcomputer presenting itself as an Ethernet network. It works like a router and then allocates IP addresses for the local network using the Dynamic Host Configuration Protocol (DHCP). In the process, it becomes a channel for receiving and sending traffic that flows through the network.
Poison Tap also serves as a gateway for all internet traffic by defining the entire IPv4 address space of the targeted system to be part of the local network. This means that the attacker will be able to monitor and control unencrypted traffic received and sent by the computer over its network connection.
Poison Tap siphons your cookies.
When a web browser is infected, it will perform an HTTP request of which traffic will then exit to Poison Tap. It works by the following steps:
- The device spoofs a network adapter and then returns its own address that will cause the HTTP request to hit its own web server.
- It will then send a response that can be interpreted and executed properly as Javascript or HTML.
- Any HTTP cookie will be bypassed and then captured because no Javascript is executed on the domain itself. It is only used to load the inline frame (iframe) instead.
Even if you are using hypertext transfer protocol secure (HTTPS), but unable to set the “Secure Flag” option, your cookies will still be bypassed and then sent to the Poison Tap server.
Poison Tap creates web-based backdoors.
This hacking device has the ability to produce thousands of iframes, which are not only blank pages, but are actually HTML+Javascript backdoors that are indefinitely cached. It then forcefully caches these backdoors on the domains and allows the attacker to use the cookies that he will find. What’s worse, it can still perform this task even if the user is not logged in.
How to Protect Yourself from Poison Tap
As mentioned above, Poison Tap can easily infect your computer even if you lock it when you are away, or protect it with a strong password. Luckily, there are still some security measures that you can take to prevent the attack.
1. Disable Your USB Ports
The best way to prevent an attack from Poison Tap would be to patch your USB ports with cement. This will entirely make sure that the ports will not be usable. Obviously, this is an extreme, so you can just disable the ports on your computer system’s BIOS.
2. Always Use HTTPS
As a two-step verification cannot protect you from this threat, make sure you only use HTTPS and enable the “Secure Flag” option for cookies. This will be an excellent step towards protecting your computer, especially when you are always browsing the web.
3. Close Your Browsers after Every Use
Make sure that you close your browsers each time you leave your computer, even if you lock it. It is also important to flush your browser cache regularly.
4. Enable FileVault2
If you have a Mac computer, you can enable the FileVault2 full-disk encryption program to prevent unauthorized access to your information on start-up. You should also put your computer to sleep when you leave.
5. Not Leaving Your Computer or Laptop Unattended
For Poison Tap to work, physical access to the targeted computer is required. This means that the best way to prevent an attack is not leaving your computer or laptop unattended.
