Partner Perspectives  Connecting marketers to our tech communities.
12/6/2016
12:50 PM
Matthew Rosenquist
Matthew Rosenquist
Partner Perspectives
50%
50%

PoisonTap USB Device Can Hack A Locked PC In A Minute

This is just one example of an emerging technology that enables anyone with physical access to a computer's USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.

PoisonTap is a fully automated proof-of-concept USB device that, when connected to a locked PC, hacks the device and installs a backdoor onto the user’s PC, allowing the attacker to access the victim’s online activities. It takes less than a minute and costs about $5.

Coffee In The Café

Imagine you are in the popular café near your workplace where everyone tends to frequent, and you get up to refresh your drink. Being security conscious, you lock your laptop before you get up. Gone for only two minutes, it was enough for a smooth attacker to come by and slyly insert a small device into your laptop’s USB drive and then moments later remove it and walk away without anyone suspecting foul play. You return to your locked PC none the wiser and continue to work, never knowing you have just been hacked.

Security researcher Samy Kamkar built the working proof-of-concept (POC) on Raspberry Pi Zero and Node.JS. When installed, it siphons cookies, exposes internal routers, and installs a Web backdoor.

USB ports and drives have always been an infection point for malware to gain a foothold on computers. The reason for this is that most computers will install plug-and-play drivers for USB devices without much scrutiny. This trust can be taken advantage of by hackers who present less-than-secure drivers as a way to get in. With access to the USB port, credentials can be stolen even when the screen is locked. Current exploits can work against Windows, OSx, and Linux operating systems.

Protecting Devices

A new generation of hacking USB drives is being developed, putting all of our PCs at risk while we step away for a moment or are distracted. They will get more powerful and virulent over time. Professionals are at risk while at conferences, meetings, coffee shops, and other venues where potentially untrustworthy people are present. It could happen in public, while at a customer’s site, or even in your own work office. It can take as little as 13 seconds and in many cases less than a minute to compromise a system and install a backdoor for remote access by the attacker.

PoisonTap is just one example of an emerging technology that enables anyone with physical access to a computer’s USB port to potentially harvest data and gain access by spoofing an Internet ecosystem. Such bold and scary attacks highlight the need to incorporate both improved physical security and cybersecurity aspects to properly manage the evolving risks.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist is a cybersecurity strategist for Intel and benefits from 25 years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations that deliver optimal levels of security. Matthew helped ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
oxitech239
50%
50%
oxitech239,
User Rank: Apprentice
12/7/2016 | 9:39:34 AM
mostly F.U.D.
PoisonTap is yet another sad example of the growing lack of know-how on security in the security news industry. Or should i say, sensationmaking news.

PoisonTap is harder to pull-off than you'd expect and much easier to counter than one would expect.

It's shame even security fell to newsmaking and reputationcultivation.
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15380
PUBLISHED: 2019-02-20
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster serv...
CVE-2019-3474
PUBLISHED: 2019-02-20
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3475
PUBLISHED: 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-10030
PUBLISHED: 2019-02-20
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-10030
PUBLISHED: 2019-02-20
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...