Security programs are all protections that work well, but one simple device can render them defenseless.
It takes only a $5 Raspberry Pi Zero computer and free software to bypass protection on a computer using a backdoor installed through USB, said researcher Samy Kamkar.
Kamkar calls the hacking device PoisonTap and it can emulate an Internet over USB connection that tricks the computer into believing it has a connection via the Ethernet.
Using the software, the computer ends up configured to prioritize the USB connection over wireless or Ethernet, so it begins sending unencrypted web traffic to PoisonTap.
The device automatically collects HTTP authentication cookies and session data from the majority of websites, with the hacker explaining the top one million websites in Alexa are currently supported. Two-factor authentication also ends up bypassed. PoisonTap looks for cookies and doesn’t attempt to brute-force into the system or compromise login credentials.
Kamkar said the hacking device becomes useless if the computer doesn’t have at least one tab running in a browser. Additionally, he says that computers with USB ports disabled, or put in hibernation mode, are also secure because this way all processes end up suspended and the hacking device can no longer siphon data.
In addition, antivirus solutions won’t detect it, leaving the computer vulnerable to attacks.