The Raspberry Pi Zero becomes a tiny lethal system hacking through PoisonTap

Samy Kamkar is an engineer who takes time demonstrating how small conventional devices can be much more dangerous than usual. His latest creation is PoisonTap, software that converts the small Raspberry Pi Zero a lethal device for the safety of our laptops.

This tool achieves that by connecting the RPi Zero any USB port of a computer all unencrypted web traffic is intercepted, including authentication cookies that are used to log on to all kinds of private accounts, and that information to a server that is under the attacker's control is then sent.

An open browser is all you need PoisonTap

No solo eso: el software instala una puerta trasera que hace que el navegador web y la red de área local del propietario de ese PC o portátil puedan ser controlados por el atacante. El resultado es evidente: si dejas tu equipo sin supervisión durante unos instantes, anyone could use this tool to take control of all that information and resources without problems.

As indicated in Ars Technica, motivation PoisonTap Its the “show that even in a computer password protected and connected to a WiFi network with WPA both your system and your network can be attacked quickly and easily”.

PoisonTap funciona tanto en Windows como en macOS (el autor no la ha probado en Linux) y convierte a la Raspberry Pi Zero a kind of gateway to a network that makes the computer has to send through it all that traffic.

And PoisonTap is an open browser with one tab, inyecta una serie de tags HTML que lo conectan a un millón de sitios web (los más populares en Alexa) a los que trata de conectarse desde ese navegador. If traditional systems have automatic logon in these services and web pages we will be lost, because those credentials will be saved by PoisonTap to transmit them to the attacker's server.

Para protegernos de este tipo de amenazas es importante tratar de conectarnos siempre a páginas seguras (que soporten HTTPS), and also secure cookies that prevent such data logon being intercepted. It would also be advisable that if you are going to leave the computer unattended it bloqueáseis, but before cerráseis any browser and tabs. Y luego está la solución definitiva: llevaros el ordenador allá donde vayáis, something especially difficult on many occasions, especially when it comes to desktop PCs.

Source | Engadget
Autor: Javier Pastor

Be Sociable, Share!

About The Author