One more reason never to trust an unknown USB device around your Windows 10 laptop

PoisonTap can hack a locked Windows 10 PC

There are a million reasons not to plug any random USB stick into your laptop, and most users with moderate computing literacy know better than to trust a USB device from an unknown source.

This is why most computers are configured to lock automatically after a period of inactivity, in case an unscrupulous stranger makes their way to an unattended laptop or desktop left unlocked in an office, or in any place where semi-public access is possible, for long enough to plug an unknown device into the computer and unleash any number of threats designed to steal information, or even to take remote control of the machine.

As mentioned earlier, these types of direct attack are typically limited to computers that are already unlocked, except for a recently developed tool which does not require a PC or a Mac to be unlocked in order to wreak havoc.

Enter: PoisonTap

PoisonTap is a most fitting name for a very effective method of gaining access to any system, be it an Apple MacBook, a Windows 10 PC, or even a Linux box, and enabling a wide range of exploits.

According to the Applied Hacking page maintained by PoisonTap’s creator, Samy Kamkar, the device, which consists of a $5 Raspberry Pi Zero and a mini USB adapter, is able to perform several actions while the target computer is locked.

These include: emulating an Ethernet device over USB or Thunderbolt; hijacking all Internet traffic from the local PC; siphoning cookies and local storage data from the web browser for the Alexa top 1,000,000 websites; exposing the internal router and making it accessible remotely; and installing a persistent backdoor with access to the user’s cookies via cache poisoning.

If that weren’t bad enough, PoisonTap is also designed to allow an attacker to “...remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain...”, which, for the uninitiated, means all kinds of trouble when accessing social networking websites, shopping websites, or any site where a user logs in with a form to access private information (i.e. Ashley Madison).

PoisonTap is also resilient to many security mechanisms besides locked screens. One is routing table priority, which determines which network device takes precedence over the others: PoisonTap emulates a local network with high priority, which forces all Internet and Ethernet traffic to route through it. Another is the Same-Origin Policy, a security feature enforced by all modern browsers, which determines whether a page is actually part of a website’s domain or is coming from some other, external source. Circumventing this measure means that external pages can be spoofed to appear to belong where they shouldn’t, making the detection of fake login pages a lot harder, for instance when opening email links that point to online banking logins.

The same goes for pages contained in iframes, which are essentially “windows” that allow external web pages to be displayed within a different domain. Some browsers can lock this ability, and PoisonTap is able to circumvent that too.

Two-factor authentication is yet another security measure that PoisonTap can completely blast through.

How to prevent PoisonTap attacks

The good news is that PoisonTap is not all-powerful, and there are a few conditions under which it will not work.

For instance, PoisonTap will not work against web servers that use HTTPS exclusively. Also, closing all instances of a web browser before leaving a laptop unattended is a good way to prevent PoisonTap from latching onto the system, since it does require a running browser to install itself and run its JavaScript-based attacks.
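The “HTTPS exclusively” advice above is really about three server-side settings: serving only over HTTPS, sending a Strict-Transport-Security (HSTS) header so the browser refuses plain-HTTP versions of the site, and marking cookies Secure (and, against injected JavaScript, HttpOnly) so they are never sent over or exposed to an HTTP-interposing device. The script below is an added example, not part of the original article or of PoisonTap itself: it audits a raw HTTP response for those properties. The two sample responses, the `Finding` class and the function names are all constructed for this illustration.

```python
"""Audit a server response for the headers that keep browser cookies out of
reach of a device sitting in the HTTP path (added example; sample responses
below are constructed, not captured from any real site)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    message: str


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw response (status line + headers) into (name, value) pairs.
    Duplicates are kept because Set-Cookie legitimately repeats."""
    pairs: list[tuple[str, str]] = []
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_attributes(set_cookie: str) -> tuple[str, set[str]]:
    """Return (cookie name, lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def hsts_max_age(value: str) -> int | None:
    """Extract max-age from an HSTS header value; None if absent or malformed."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return None


def audit_response(raw: str) -> list[Finding]:
    """Flag the weaknesses that let an in-path HTTP device read or replay cookies."""
    headers = parse_headers(raw)
    findings: list[Finding] = []

    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append(Finding("high", "no Strict-Transport-Security header: "
                                        "the browser may still be steered to plain HTTP"))
    elif (hsts_max_age(hsts[0]) or 0) == 0:
        findings.append(Finding("high", "HSTS max-age is 0 or missing: policy is disabled"))

    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = cookie_attributes(value)
        if "secure" not in attrs:
            findings.append(Finding("high", f"cookie {cookie!r} lacks Secure "
                                            "and will be sent over plain HTTP"))
        if "httponly" not in attrs:
            findings.append(Finding("medium", f"cookie {cookie!r} lacks HttpOnly "
                                              "and is readable by injected JavaScript"))
    return findings


# Constructed samples: a weak response and its hardened counterpart.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}]")
        for f in audit_response(raw) or [Finding("ok", "no findings")]:
            print(f"  {f.severity}: {f.message}")
```

Run against a real site, the same function takes the header block of a captured response; the weak sample produces three findings, the hardened one none.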

Setting up Windows 10 or macOS to put the computer into encrypted hibernation is also a good way to ensure that the USB ports won’t be active. In the case of macOS, for example, FileVault 2 plus deep sleep should do the trick.

