Skip to main content

This Raspberry Pi-Based Hacking Device Can Help You Break into Any Computer


Passwords, iris scanning, and fingerprint protection are all here to help protect a computer from unauthorised access, but all of these have been rendered useless by a device that costs only $5 to build.
Samy Kamkar has shown in a video that it takes only a $5 Raspberry Pi Zero computer and free software to bypass protection on a computer using backdoor that’s installed through USB.
The hacking device is called PoisonTap and can emulate an Internet over USB connection that tricks the computer into believing that it’s connected via the Ethernet. Using the software, the computer is configured to prioritise the USB connection over wireless or Ethernet, so it begins sending unencrypted web traffic to PoisonTap.
The device automatically collects HTTP authentication cookies and session data from the majority of websites, with the hacker explaining that the top one million websites in Alexa are currently supported. Two-factor authentication is bypassed as well, as PoisonTap looks for cookies and doesn’t attempt to brute-force into the system or compromise login credentials.
While this is worrying to say the least, Kamkar explains that the hacking device becomes useless if the computer doesn’t have at least one tab running in a browser. Additionally, he says that computers with USB ports disabled, or put in hibernation mode, are also secure because this way all processes are suspended and the hacking device can no longer siphon data.
In case you’re wondering if things like antivirus solutions or stronger passwords can block PoisonTap, this isn’t the case, as the hacking device doesn’t rely in any way on brute-force attacks, so the length of your passwords doesn’t make any difference.
Furthermore, given the fact that it uses free software and a specially crafted backdoor, antivirus solutions won’t detect it, leaving the computer fully vulnerable to attacks.
The entire process is detailed in the video below and, as a general recommendation, make sure you close your browser before leaving the desktop (we know nobody does that, but this is the simplest thing we can all do to stay protected).

Comments

Post a Comment

Popular posts from this blog

14 Best Online Jobs from Home – No Investment to Earn Money

Earn from PTC sites If you are trying to earn money online & need only small extra income less than $200 (Rs.12,000) then PTC sites are the best way to start. Here you need to click & read the advertisements for 10 to 3o seconds & get paid for each & every advertisement you view. There are many sites where you can register & make money by reading ads. All sites are free & there is no investment at all. You can check this list of 5 best PTC sites, signup & start earning. 2. Earn with GPT Sites To add more income, you can also join GPT sites where you can earn money by taking small surveys, watching videos, playing games & doing many more activities. We have worked on number of GPT sites but we will recommend only 3 sites which pays their member on time. You can receive your payment by PayPal, cheque or bank transfer. Check GPT sites here . 3. Become a Captcha Solver If you have more time then you can add further income in your po...
2 comments
Read more

How To Bypass Windows AppLocker

How To Bypass Windows AppLocker Hello, today we will talk about Applocker bypass techniques in a Windows environment. What is Applocker, how does it protect systems, and more importantly, how to bypass this security feature. So many issues to tackle in this article! What is Applocker? Applocker is a software whitelisting tool introduced by Microsoft starting from Windows Vista/Seven/2008 in order to restrict standard users to only execute specific applications on the system. e.g.: “Alice can run explorer.exe, Bob, however, cannot!” If you are conducting penetration tests, you will likely find Applocker on very sensitive machines: industrial computers, ATM, business workstations, etc. How does it work? To activate Applocker on your testing machine, start the  Application Identity  service (Administrative Tool -> Services), then open the Group Policy Editor ( gpedit.msc  on a local machine or  gpmc.msc  on a domain controller). Browse to “App...
3 comments
Read more

Backdoor/Rootkit Comes Pre-installed

Here's some bad news for Android users again. Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a  new report  from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy. Backdoor/Rootkit Comes Pre-installed The vulnerable OTA mechanism, which is associated with Chinese mobile firm Ragentek Group, contains a hidden binary — resides as  /system/bin/debugs  — that runs with root privileges and communicates over unencrypted channels with three hosts. According to the researchers, this privileged binary not only exposes user-specific information to MITM attackers but also acts as a rootkit, potentiall...
2 comments
Read more