The extent of your computer skills involve opening the internet browser so you can send a few emails and browse the internet. These simple skills qualify you as an expert computer hacker with the help of a $5 device!
This little gadget exposes the internal router in your laptop to a hacker, which makes it remotely accessible in under one minute. The hacker begins by plugging the PoisonTap device into the USB port of any laptop locked, password protected, or unlocked. The laptop recognizes the device as an Ethernet device, making it a low priority network device. Meaning, it acts as a "trojan horse" to the computer, and installs a web based backdoor in HTTP cache, in under one minute. When the installation has been completed, the hacker removes the device and quickly gets away.
Hackers now have full access to your laptop and all it's juicy information, without a password and without being anywhere near you. Consider anytime you have left your computer for a few minutes at a coffee shop, library, or office to run to the bathroom. That is the golden opportunity these hackers are keeping an eye out for.
Hackers can pick this device up for $5.00 and only need a micro-USB cable and micro-SD card to complete their mission. If you do not have a professional IT team to ensure your software is protected against devices of this kind, then you are a prime target.
If you are running a web server, securing against PoisonTap is simple:
- Use HTTPS exclusively, at the very least for authentication and authenticated content
- Honestly, you should use HTTPS exclusively and always redirect HTTP content to HTTPS, preventing a user being tricked into providing credentials or other PII over HTTP
- Ensure Secure flag is enabled on cookies, preventing HTTPS cookies from leaking over HTTP
- Use HSTS to prevent HTTPS downgrade attacks
- Adding cement to your USB and Thunderbolt ports can be effective
- Closing your browser every time you walk away from your machine can work, but is entirely impractical
- Disabling USB/Thunderbolt ports is also effective, though also impractical
- Locking your computer has no effect as the network and USB stacks operate while the machine is locked, however, going into an encrypted sleep mode where a key is required to decrypt memory (e.g., FileVault2 + deep sleep) solves most of the issues as your browser will no longer make requests, even if woken up