Modded Raspberry Pi Zero Can Hack a Locked PC in under a Minute
Ashley Allen / 8 years ago
An ethical hacker has built a device from a £4 single-board computer that can compromise a locked PC in less than sixty seconds. Samy Kamkar, a security researcher and whistleblower, used a Raspberry Pi Zero to build an Ethernet-over-USB device, dubbed PoisonTap, that hijacks the target computer's internet traffic even while the system is locked.
According to Kamkar’s blog, the PoisonTap:
- emulates an Ethernet device over USB (or Thunderbolt)
- hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
- siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
- exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
- installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user’s cookies via cache poisoning
- allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
- does not require the machine to be unlocked
- backdoors and remote access persist even after device is removed and attacker sashays away
PoisonTap can bypass the following security:
- Password Protected Lock Screens
- Routing Table priority and network interface Service Order
- Same-Origin Policy
- X-Frame-Options
- HttpOnly cookies
- SameSite cookie attribute
- Two-Factor/Multi-Factor Authentication (2FA/MFA)
- DNS Pinning
- Cross-Origin Resource Sharing (CORS)
- HTTPS cookie protection when Secure cookie flag & HSTS not enabled
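The last item on that list is the one protection Kamkar says PoisonTap does not get past, and it is something a site operator can verify on their own responses. The following is an added example, not code from Kamkar's PoisonTap release or from this article; it audits a response's Set-Cookie and Strict-Transport-Security headers against two constructed sample responses:

```python
import re
from typing import Dict, List, Optional, Tuple

def parse_set_cookie(value: str) -> Dict[str, object]:
    """Parse one Set-Cookie value, e.g. 'sid=abc; Path=/; Secure; HttpOnly; SameSite=Lax',
    into {'name': ..., 'secure': bool, 'httponly': bool, 'samesite': str|None}."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name, "secure": "secure" in attrs,
            "httponly": "httponly" in attrs, "samesite": attrs.get("samesite") or None}

def hsts_max_age(headers: List[Tuple[str, str]]) -> Optional[int]:
    """max-age from Strict-Transport-Security, or None when the header is absent."""
    for key, val in headers:
        if key.lower() == "strict-transport-security":
            match = re.search(r"max-age=(\d+)", val, re.IGNORECASE)
            return int(match.group(1)) if match else 0
    return None

def audit(headers: List[Tuple[str, str]]) -> List[str]:
    """Return findings relevant to plain-HTTP cookie interception.
    Empty list: every cookie is Secure and HSTS is enabled."""
    findings = []
    for key, val in headers:
        if key.lower() == "set-cookie":
            cookie = parse_set_cookie(val)
            if not cookie["secure"]:
                findings.append(f"cookie {cookie['name']!r} lacks the Secure flag; "
                                "it is sent on plain-HTTP requests")
    if not hsts_max_age(headers):  # absent, or max-age=0 which clears the policy
        findings.append("HSTS not enabled; the browser will still issue plain-HTTP requests")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = [("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
        ("Content-Type", "text/html")]
HARDENED = [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
```

A cookie without Secure rides along on the plain-HTTP requests a rogue network interface can see, and without HSTS the browser keeps making those requests; `audit(WEAK)` reports both, while `audit(HARDENED)` returns nothing.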
Kamkar says that, short of severing USB connectivity from your computer, the best defence against the kind of attack PoisonTap performs is to set your system to hibernate rather than sleep. PoisonTap is a white-hat proof of concept, built to show that the attack is possible, and Kamkar has released the source code he used to achieve it. Start blocking your USB ports now.