Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

New PoisonTap Device Creates Backdoor On Idle PC and Router within Half Minute


A computer that's locked but not shutdown and kept idle could enable a hacker in just 30 seconds use one tiny $5 Raspberry Pi Zero containing devious code for wholly controlling it no matter whether it's password-protected, and planting on it backdoors that are remotely accessible.

Samy Kamkar a hacker as well as program developer has lately created PoisonTap which has numerous sinister slick capabilities, with one wherein following taking the gadget out of an USB port leaves the backdoor unaffected and it persists just as remote access continues for both the PC and its router.

One non-chargeable program, PoisonTap operates via a Raspberry Pi Zero. When installed on a small PC, the hacker merely requires plugging it to the USB port of the machine for recording the entire Web-traffic that comes in and out unencrypted from the websites browsed, up to the cookies the user's Web-browser utilizes for logging into his A/Cs.

After completing the hack, the information gets transmitted onto a server the attacker regulates. May be even remarkable is that PoisonTap's backdoor lets gaining hold over the victim's Web-browser along with his local network from distance. Dailydot.com posted this, November 17, 2016.

Instead of planting malware that's usually easily detectable, PoisonTap makes a remote backdoor access through the concealment of harmful code inside browser cache of the victim. Detection in this circumstance is truly difficult, says Web Security Researcher Jeremiah Grossman who's also Security Strategy Head at SentinelOne a security company.

Elaborating further Kamkar states that PoisonTap moves each and every HTTP cookie and stores them all. The program generates and injects concealed iframes into websites within the list of Alexa-ranked top 1m sites. The attacker, via tapping cookies and piggybacking on sessions already logged in, manages to evade dual-factor validation and thereby infiltrate the victim's accounts.

Incase the target website is HTTPS, however, didn't correctly establish the "secure" icon then PoisonTap could ensnare the said cookies, while facilitate the hacker to gain admission into the victim's accounts.

Kamkar suggest the only solution to such attacks is closing the computer's Web-browser whenever the user is not using his system or leaves it idle.

» SPAMfighter News - 11/22/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next