This $5 Device Can Hack Your Computer Even If It's Locked

Advertisement
By Ketan Pratap | Updated: 17 November 2016 16:37 IST
Highlights
  • PoisonTap is built for the $5 Raspberry Pi Zero
  • Samy Kamkar claims PoisonTap "entirely automated"
  • Some computer best practices can help avoid such attack
This $5 Device Can Hack Your Computer Even If It's Locked

Security experts have long advocated strong passwords for computers, however, a new $5 device developed by hacker Samy Kamkar is claimed to hack into any system in just a minute. The new $5 device dubbed PoisonTap is said to break into any computer system even if it's password-protected as long as a browser is running at the background.

"PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a Micro-USB cable & microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle," describes Kamkar in his blog post.

Explaining how the exploit device works, Kamkar wrote when PoisonTap is plugged into a locked (password-protected) computer - whether Windows, OS X, or Linux - it emulates an Ethernet device over USB (or Thunderbolt) and then takes over all Internet traffic from the machine. The device next siphons and stores HTTP cookies from the Web browser for the Alexa top 1,000,000 websites while exposing the internal router to the attacker, making it accessible remotely. The $5 device then installs a persistent Web-based back door in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs all with access to the user's cookies. This allows the attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user's cookies on any back doored domain. Kamkar says that the $5 device does not require the machine to be unlocked. It creates a back door and remote access persists even after device is removed from the computer.

Kamkar told Motherboard, "It's entirely automated. You plug it in, you leave it there for a minute, then you pull it out and you walk away. You don't even need to know how to do anything."

Advertisement

He adds that PoisonTap can evade various security mechanisms including password protected lock screens, routing table priority and network interface service order, http only cookies, multi-factor authentication, and DNS pinning among others.

He also gives away some of the ways users can protect their computers from PoisonTap exploit such as closing browser every time user walks away from computer, disabling USB/Thunderbolt ports is also effective, or switching to encrypted sleep mode are some of the ways users can avoid attack.

Advertisement

 

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Apple Announces iOS 26 With Liquid Glass Design, These New Features
  2. iQOO 13 and More Available With Discounts During iQOO 5th Anniversary Sale
  3. Poco F7 India Launch Teased; Flipkart Availability Confirmed
  4. WWDC 2025 Highlights: Apple Unveils iOS 26, macOS 26 and Liquid Glass UI
  5. Samsung Galaxy Z Fold 7, Z Flip 7 Unpacked Event Said to Be Held Mid-July
  1. WWDC 2025: Apple Announces iOS 26 With New Liquid Glass Design, Apple Intelligence Enhancements and More
  2. WWDC 2025: Apple Intelligence Models Expanded to Developers, Live Translation Feature Unveiled
  3. Xbox Chief Phil Spencer Hints at 'Return' of Halo: Combat Evolved Next Year
  4. Vivo X Fold 5 Design Teased; Confirmed to Feature 8T LTPO Panels, Meet IP5X and IPX9+ Certifications
  5. Oppo K13x 5G Price Range in India Tipped; Alleged Retail Box Suggests Flat Display
  6. WWDC 2025: Apple Faces AI, Regulatory Challenges As it Woos Developers at Annual Conference
  7. WazirX Parent Zettai Urges Singapore Court to Review WazirX Restructuring, Extend Moratorium
  8. AI+ Smartwatch With Built-in TWS Tipped to Launch in June; Retail Box Image Leaked
  9. Vivo T4 Ultra to Get MediaTek Dimensity 9300+ SoC; Camera, Display Features Revealed
  10. Capcom Reveals Resident Evil Requiem at Summer Game Fest, Launch Set for February 2026
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.