Samy Kamkar is an engineer who takes time demonstrating how small conventional devices can have much more danger than usual. Its latest creation is PoisonTap, software that converts the small Raspberry Pi Zero in a lethal device for the safety of our laptops.
This tool achieves that by connecting the RPI Zero to any USB port of a computer all web traffic unencrypted intercepts, including authentication cookies that are used to log in all types of private accounts, and that information is then sent to a Server that is under the control of the attacker.
An open browser is all you need PoisonTap
Not only that: the software installs a backdoor that makes the web browser and the local area network of the owner of that PC or laptop can be controlled by the attacker. The result is clear: if you leave your computer unattended for a moment, anyone could use this tool to take control of all that information and resources without problems.
As indicated in Ars Technica, PoisonTap motivation is to “demonstrate that even in a computer password protected and connected to a WiFi network with WPA both your system and your network can be attacked quickly and easily”.
You may also like to read another article on imindsoft: A minicomputer plate for $16? CHIP Pro is new competition for Raspberry Pi Zero
PoisonTap works on both Windows and Mac platforms (the author not been tested on Linux) and makes the Raspberry Pi Zero in a kind of gateway to a network that makes the computer has to send through it all that traffic .
If PoisonTap is an open one tab browser, injects a series of HTML tags that connect to a million (the most popular Alexa) web sites that try to connect from that browser. If we have the traditional systems of automatic login of those services and web pages, we will be lost, because those credentials will be kept by PoisonTap to transmit them to that server of the attacker.
To protect us from these threats is important to try to always connect to secure pages (HTTPS supporting), and also secure cookies that prevent such data logon being intercepted. It would also be advisable if you were to leave the computer unattended to block, but before you closed any browser and your eyelashes. And then there is the final solution: take the computer wherever you go, something especially difficult on many occasions, especially when we talk about desktop PCs.