You think your computer is safe from hackers when it’s locked? Think again.

 

Poison Tap plugged into a laptop
Poison Tap plugged into a laptop

 

You may feel like locking your device is enough to keep a hacker from getting to it, but even if you have a password to protect your PC, it is still vulnerable to being hacked especially now that there’s  a $5 device capable of stealing your  log-in information to your favorite websites in about sixty seconds tops.

 

This device is called the PoisonTap.

 

It is made of Raspberry Pi Zero microchip and a USB cable. It copies a web connection to illegally seize all of a PC’s web traffic, taking the information used to login to Facebook or Gmail and other similar sites.

 

The Poison Tap works on PC’s that have been locked by a password but still have a browser left running, as is the case with so many computers that are locked when the user is out for a lunch or meeting.

 

It takes roughly sixty seconds for the Poison Tap to deceive the PC into forwarding requests from the open browser to top million sites worldwide, steal the web scripts used by the user to access the websites when browsers go back to them instead of having to keep entering a password each time. The cookies, as what these are called, are then forwarded to the servers of the hacker through PoisonTap and are used to get remote access to an electronic mail or social media account.

 

Because this process works while the computer is locked, there’s no need for the hacker to use a password or use the PC another way other than plugging the Poison Tap into the computer for at least thirty seconds. The web browser does not need to be opened on the computer, it can just be kept running in the background.

 

This device fools the PC into sending all web traffic by granting it an IP address that includes the whole IP scope, rather than just one unit.

 

Apart from stealing cookies, the device is capable of installing a backdoor on a browser which, in turn, can be used to remotely control it.

 

According to the “ethical” hacker who invented the Poison Tap, Samy Kamkar, the best defense against the device is to exit all web browsers each time users lock their PC’s or simply put the computers in sleep or hibernate mode so the processes running in the background is temporarily stopped.

Samy Kamkar, creator of Poison Tap
Samy Kamkar, creator of Poison Tap

Users don’t need to worry much this early though. Kamkar said he created Poison Tap to prove that such a hack is feasible and was not made for malicious use or to sell it to cyber criminals.