PoisonTap USB can Hack a Locked PC in a Minute

PoisonTap is a fully automated proof-of-concept USB device which when connected to a locked PC, hacks the device and installs a backdoor onto users' PC allowing attacker to access victims' online activities.  It takes less than a minute and costs about $5.


Coffee in the Café

Imaging you are in the popular café near your workplace, where everyone tends to frequent, and you get up to refresh your drink.  Being security conscious, you lock your laptop before you get up.  Gone for only 2 minutes, it was enough for a smooth attacker to come by and slyly insert a small device into your laptop’s USB drive and then moments later remove it and walk away without anyone suspecting foul-play.  You return to your locked PC, none the wiser, and continue to work, never knowing you have just been hacked.

Samy Kamkar, the security researcher, built the working proof-of-concept (POC) on Raspberry Pi Zero and Node.JS.  When installed, it siphons cookies, exposes internal router and installs a web backdoor.

Vulnerable USB Ports

USB ports and drives have always been an infection point for malware to gain a foothold on computers.  The reason for this is that most computers will install plug-and-play drivers for USB devices without much scrutiny.  This trust can be taken advantage of by hackers who present less-than-secure drivers as a way to get in.  With access to the USB port, credentials can be stolen even when the screen is locked.  Current exploits can work against Windows, OSx, and Linux operating systems.

Protecting Devices

A new generation of hacking USB drives are being developed, putting all our PC’s at risk while we step away for a moment or are distracted.  They will get more powerful and virulent over time.  Professionals are at risk while at conferences, meetings, coffee shops and other venues where potentially untrustworthy people are present.  It could happen in public, while at a customer’s site, or even in your own work office.  It can take as little as 13 seconds and in many cases less than a minute to compromise the system and install a backdoor for remote access by the attacker.  PoisonTap is just one example of emerging technology which will enable anyone with physical access to a computer (USB port) to potentially harvest data and gain access by spoofing an internet ecosystem.  Such bold and scary attacks highlight the need to incorporate both improved physical and cyber security aspects to properly manage the evolving risks.
Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Published on Categories SecurityTags ,
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.