Page 1 of 1

You can hack a locked PC with $4

Posted: 18 Nov 2016, 16:44
by viking60
Rapsberry Pi can hijack a locked PC's internet traffic.

It emulates a network and triks the computer to send the traffic by giving it an IP address. In other words it plays you ISP.

This requires a web browser to be running behind that locked screen which is a classic lunch scenario +1

Your cookies to log in on Facetube or your favorite pornsite or Internet shop can be stolen in under one minute and then the hackers can use your ID.

It is called the poison tap.
The PoisonTap, which is made of a £4 Raspberry Pi Zero microcomputer and a USB cable, emulates an internet connection to hijack all of a computer’s internet traffic, stealing the data used to log in to websites like Facebook and Gmail.

So that makes me wonder:

WTH did the NSA spend all those tax money on supercomputers?

Re: You can hack a locked PC with $4

Posted: 19 Nov 2016, 17:59
by R_Head
Proven many times over... Physical Security is the weakest of them all.

Re: You can hack a locked PC with $4

Posted: 20 Nov 2016, 10:59
by viking60
Yup .... and in most cases the biggest problem is between the chair and the keyboard :lol:

This is easily avoidable but I bet it still would be effective in most cases.

..Bubble gum in the USB slot..I tell you +1

Re: You can hack a locked PC with $4

Posted: 20 Nov 2016, 16:48
by R_Head
On our systems, we disabled the USB port in the BIOS, password protect the BIOS and Quick Boot so nobody can read the BIOS splash. Is not 100% idiot proof but the more obstacle you make, the chances of someone tampering will shrink.

That plan went to crap when all the hardware came out as USB enable. Webcams, mouse, keyboard, scanners, printers, thumb drives, etc.. Again, if the user wants to sneak a thumb drive, most likely it will happen. If you want to hack a way to do it is, apply for janitor, low paying job, easy to obtain, no much of background check. After few weeks, you earn trust and social-network/engineer your way around. Then, find a node and do your deed. Better yet, find a closet with a network circuit, place a Raspberry Pi on the LAN were nobody can see it. We had a guy who did some like that back in the days. He connected a PC to the LAN and had MoDem connected to the phone line. The PC was in a closet, nobody knew it was there. All he had to do, dial in and he got network access.