If you step away from your computer, an attacker could quickly insert a USB stick and take control using a series of vulnerabilities. The device costs only $5.
While most people know not to leave their computer alone in a public space, locking the system with a password gives many users a feeling of security.A new hacking tool released this week has shown how illusory that feeling is, demonstrating the danger of leaving any system unsupervised. The tool, known as PoisonTap, can be loaded onto a $5 Raspberry Pi barebones computer and will take over the internet connection of any system to which it is connected. Once plugged in, the program will steal the victim’s cookies for the top 1 million Web sites, expose internal routers to the Internet, and allow remote access to the system.The hacker behind the program, Samy Kamkar, a security researcher best known for creating the MySpace worm in 2005, announced the tool on Nov. 16.“When plugged into a locked or password-protected computer, it takes over all internet traffic momentarily,” Kamkar said in a video explaining the attack. “The back door and remote access persists even after the device is removed and you walk away.”
The attack is a bold demonstration that leaving a computer unattended is never a good idea.