Hacked Gadgets Forum

November 22, 2016

Poison Tap

at 10:18 pm. Filed under Complex Hacks, Computer Hacks, Educational

 

Samy Kamkar had built a device that is called Poison Tap. It is a Raspberry Pi Zero which plugs into the victims USB port. The device that looks like an Ethernet connection, your computer inherently trusts this connection and this is where the exploit starts.

  • emulates an Ethernet device over USB (or Thunderbolt)
  • hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
  • siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
  • exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
  • installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning
  • allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
  • does not require the machine to be unlocked
  • backdoors and remote access persist even after device is removed and attacker sashays away

 

 

 

 

 


 

Tretinoin, active in prescription is present product retin . Nov 2012 first popular than years as acne doctors...


Related Posts

No related posts

 


 

Leave a Reply

Internal Links:

Categories:

Search:

Google
Hacked Gadgets
Web

Site Sponsors:

Nuts and Volts Electronic Labs Trossen Robotics Free Technical Publications Blue LED

 

Recent Comments:

More RSS Feed Options

Site Sponsors:

 

Interesting Sites: