Partner Perspectives  Connecting marketers to our tech communities.
12/6/2016
12:50 PM
Matthew Rosenquist
Matthew Rosenquist
Partner Perspectives
50%
50%

PoisonTap USB Device Can Hack A Locked PC In A Minute

This is just one example of an emerging technology that enables anyone with physical access to a computer's USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.

PoisonTap is a fully automated proof-of-concept USB device that, when connected to a locked PC, hacks the device and installs a backdoor onto the user’s PC, allowing the attacker to access the victim’s online activities. It takes less than a minute and costs about $5.

Coffee In The Café

Imagine you are in the popular café near your workplace where everyone tends to frequent, and you get up to refresh your drink. Being security conscious, you lock your laptop before you get up. Gone for only two minutes, it was enough for a smooth attacker to come by and slyly insert a small device into your laptop’s USB drive and then moments later remove it and walk away without anyone suspecting foul play. You return to your locked PC none the wiser and continue to work, never knowing you have just been hacked.

Security researcher Samy Kamkar built the working proof-of-concept (POC) on Raspberry Pi Zero and Node.JS. When installed, it siphons cookies, exposes internal routers, and installs a Web backdoor.

USB ports and drives have always been an infection point for malware to gain a foothold on computers. The reason for this is that most computers will install plug-and-play drivers for USB devices without much scrutiny. This trust can be taken advantage of by hackers who present less-than-secure drivers as a way to get in. With access to the USB port, credentials can be stolen even when the screen is locked. Current exploits can work against Windows, OSx, and Linux operating systems.

Protecting Devices

A new generation of hacking USB drives is being developed, putting all of our PCs at risk while we step away for a moment or are distracted. They will get more powerful and virulent over time. Professionals are at risk while at conferences, meetings, coffee shops, and other venues where potentially untrustworthy people are present. It could happen in public, while at a customer’s site, or even in your own work office. It can take as little as 13 seconds and in many cases less than a minute to compromise a system and install a backdoor for remote access by the attacker.

PoisonTap is just one example of an emerging technology that enables anyone with physical access to a computer’s USB port to potentially harvest data and gain access by spoofing an Internet ecosystem. Such bold and scary attacks highlight the need to incorporate both improved physical security and cybersecurity aspects to properly manage the evolving risks.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist is a cybersecurity strategist for Intel and benefits from 25 years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations that deliver optimal levels of security. Matthew helped ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
oxitech239
50%
50%
oxitech239,
User Rank: Apprentice
12/7/2016 | 9:39:34 AM
mostly F.U.D.
PoisonTap is yet another sad example of the growing lack of know-how on security in the security news industry. Or should i say, sensationmaking news.

PoisonTap is harder to pull-off than you'd expect and much easier to counter than one would expect.

It's shame even security fell to newsmaking and reputationcultivation.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17208
PUBLISHED: 2018-09-19
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell me...
CVE-2018-17205
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not ex...
CVE-2018-17206
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVE-2018-17207
PUBLISHED: 2018-09-19
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2017-2855
PUBLISHED: 2018-09-19
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HT...