The 100K device helps hack computer passwords in one note.

Even the most powerful password can not overcome this tool, Sammy Kamkar has both performed and showed that sometimes hacking becomes too simple.

Kamkar's new discovery comes from Poison Tap, which is a free software and a Raspberry Pi Zero microcomputer costs about 100 thousand dong ($ 5). In just 30 seconds, it passed the lock screen and started installing the backdoor. The system is unlocked before the device is removed from the USB port.

If you think a complex password can help you in this situation, you're wrong because PoisonTap doesn't work that way and it bypasses all to unlock it.

After plugging in the PoisonTap device, it starts accessing the internet via USB port. When successful, your laptop will assume it is connecting to the internet via ethernet and start sending all unencrypted traffic from the web to the device's microcontroller. The wifi security system also cannot save you because the device tricked the computer to prioritize its connection.

As a middle person, the device starts to steal any HTTP authentication cookies that you use to log into your account, including millions of sessions of data from websites, Alexa said. Worse, with the way that this device is two-factor authentication (not verified), PoisonTap basically sucks cookies on you and not information. Private security for login (login credentials), so it is possible to steal two-factor accounts easily.

hacker

The only thing about this tool's effectiveness is that users have to have a browser tab running on the locked device (locked device). However I think most of us will leave the browser closed when closing the computer screen.

Kamkar also has some tips to help us protect ourselves, but they are not really effective.

  • Put the computer into hibernate state and not sleep. Because in the hibernation state the machine will interrupt all operations.
  • Turn off all browsers when you leave the computer
  • Clear browser cache regularly
  • Use full-disk encryption
  • Remove the USB connector

ITZone via TheNextWeb

Share the news now