Serial hacker Samy Kamkar recently built a USB stick that allows hacking even a locked PC in under a minute. All a hacker needs is a momentary access to a person's unattended PC and all that's inside including login details to online accounts can be copied and exploited.
This technology is called PoisonTap. What could be a more appropriate name than that? It's made from a $5 microcomputer called Raspberry PiZero, which is attached on a USB cable, Telegraph UK reported. The Raspberry functions as an internet connection and hijacks a PC's internet traffic. It steals crucial datum used to get into Facebook or Gmail.
According to the same report, the USB stick works on locked computers but only when there's an internet browser left running. PCs particularly vulnerable to this attack are those that are left for short breaks or meetings.
This new technology breaks the lock code technology that PCs have. What it does is trick the computer's web browsers to send requests to the world's top million websites. It will steal its cookies containing the log in details that web browsers' have auto-memorized so users wouldn't have to re-enter their passwords all the time.
Through the PoisonTap, the stolen information will then be sent to the hacker's servers and will be used to log in to email accounts that contain more vital information. The PoisonTap will no longer require the hackers to enter passwords for these accounts as they've already been hijacked.
The PoisonTap also opens backdoors for corporate intranet sites and routers, Wired reported. The attack is harder to protect as the technology pulls it off on a series of subtle design issues, which are present in every operating system. It doesn't install a malware because according to the designer hacker, it's a thing of the past and is easily detectable. It hides malicious code to the owner's cache instead.
Web security researcher and SentinelOne's chief of security strategist, Jeremy Grossman, said this is going to be very difficult to detect. Once the physical access is done, everything hidden inside a PC and the person's web browsers will come loose. He added that it's the most clever and effectively designed backdoor tool he's ever seen.