HackRead
This $5 hacking tool lets attackers bypass security on locked computers

November 17th, 2016 | Waqas | Hacking News, Security
This $5 hacking tool is called PoisonTap. It is so sophisticated that it can even compromise a locked (password-protected) computer.

Samy Kamkar has long been in the limelight for developing sophisticated hacking tools that leave the security community speechless. Recently, Kamkar developed a small USB device that goes by the name of PoisonTap. The device works by re-routing all of the computer’s internet traffic through itself, which gives it access to cookies. Using this information, the device enables attackers to access all the account information.

A network-accessing device

Essentially, the device works by loading itself onto the victim’s computer, which recognizes it as an Ethernet device. The device then takes over the entire IPv4 address space, so that all of the victim’s network traffic is routed through PoisonTap.

This means the traffic does not go to the actual gateway directly; it passes through the device instead. This lets the attacker access HTTP cookies and bypass any security.

After gaining access to these cookies, the attacker can even remove the device and still have access to the victim’s computer remotely.
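From the defender's side, the routing takeover described above can be spotted in the routing table. The following is an added example, not code from the article or from PoisonTap: it applies longest-prefix matching to an `ip -4 route`-style table and flags any interface that outranks the default gateway for a large share of IPv4 space. The sample table, the interface names and the two /1 routes standing in for "the entire IPv4 address space" are constructed assumptions.

```python
import ipaddress

# Constructed sample in `ip -4 route` style; not captured from a real device.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
0.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.10
128.0.0.0/1 dev usb0 proto kernel scope link src 1.0.0.10
"""

def parse_routes(text):
    """Return [(network, interface)] from `ip -4 route`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and routes without an interface
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_interface(routes, addr):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def suspicious_interfaces(routes, min_fraction=0.25):
    """Flag interfaces that do not hold the default route yet claim a
    large share of IPv4 space through more specific routes."""
    default_devs = {dev for net, dev in routes if net.prefixlen == 0}
    claimed = {}
    for net, dev in routes:
        if net.prefixlen > 0 and dev not in default_devs:
            claimed.setdefault(dev, []).append(net)
    flagged = {}
    for dev, nets in claimed.items():
        total = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
        if total / 2**32 >= min_fraction:
            flagged[dev] = total / 2**32
    return flagged

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print(egress_interface(table, "93.184.216.34"), suspicious_interfaces(table))
```

In the sample, the default route on `wlan0` is still present, but internet-bound traffic leaves through `usb0` because a /1 route is more specific than /0; the 25% threshold is an arbitrary starting point to tune against legitimate VPN interfaces.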

PoisonTap HTML5 canvas animation/Source: Ara

Hacking made easy

It seems that Kamkar has made hacking as easy as possible. Using nothing more than a USB device, an attacker can hack a victim’s online accounts and breach various other security measures.

PoisonTap evades the following security mechanisms:

  • Password Protected Lock Screens
  • Routing Table priority and network interface Service Order
  • Same-Origin Policy
  • X-Frame-Options
  • HttpOnly Cookies
  • SameSite cookie attribute
  • Two-Factor/Multi-Factor Authentication (2FA/MFA)
  • DNS Pinning
  • Cross-Origin Resource Sharing (CORS)
  • HTTPS cookie protection when Secure cookie flag & HSTS not enabled

I’ve released PoisonTap; attacks *locked* machines, siphons cookies, exposes router & backdoors browser w/RasPi&Node https://t.co/mbTAti33wy

— Samy Kamkar (@samykamkar) November 16, 2016

A must-watch video for an in-depth technical understanding

Previously, he demonstrated how an attacker can hack and open garage doors in seconds with a toy. He also showed how consumer drones can be hacked for personal use. That’s not all: Kamkar also demonstrated how an attacker can locate, unlock and start General Motors (GM) cars with a hacked mobile app. As for his latest development, let us hope the security community figures out a defense mechanism against this before the device gets into the wrong hands.
