A $5 PoisonTap Can Rip Into Password-Protected Laptops

Samy Kamkar

If you’re the kind of person that locks their laptop when you leave the desk, you might wanna just take it with you next time to be safe from a new threat. PoisonTap, a USB device that costs just $5, can bypass almost any password-locked machine and installs remote access without the user’s permission. This diabolical dongle is the work of Los Angeles-based computer engineer Samy Kamkar, who revealed his creation on Wednesday.

The device consists of a Raspberry Pi Zero computer running a piece of software that makes the target computer think it’s connecting to a network, like a router. It then intercepts all unencrypted web traffic moving through the computer, and injects HTML into an open web browser page that redirects to popular web pages. PoisonTap, with all web traffic intercepted, then pretends that it’s serving up the correct pages to the computer, forcing it to take in JavaScript code to store in the web cache and grant remote access to the computer’s web browser. The system can also hand over the user’s unencrypted login cookies.

It’s the latest in a line of trinkets designed to terminate your PC’s protections. In September, the USBKill 2.0 hit the markets, promising to deliver a catastropic shock of electricity when plugged in for the low price of $56. Russian security researcher Dark Purple created a flash drive-like device that uses an inverting DC/DC converter to deliver a nasty shock to a computer’s data lines. One of the few machines immune from these attacks is the Apple MacBook, which isolates the data lines on its USB ports.

Of course, there’s a few easy ways to protect against Kamkar’s invention. You can take your laptop with you, close browser windows, or enable FireVault2 on the Mac. Alternatively, if your friends are the sort that would play a prank on you like that, perhaps move on.