![]() ![]() As the little USB stick loads the collection of site addresses in the user's browser, it also tricks the browser into storing its own, carefully manipulated version of those sites in its cache-the feature of browsers that maintains pieces of websites on your computer rather than loading them from the web again and again. But stealing cookies is merely the first in a series of techniques. PoisonTap's initial attack isn't as serious as it may sound: It only works on sites that use HTTP rather than the far more secure HTTPS protocol, which signals to a browser to only share cookie data with a verified site. The computer may be locked, he says, but PoisonTap "is still able to take over network traffic and plant the backdoor." "In a lot of corporate offices, it’s pretty easy: You walk around, find a computer, plug in PoisonTap for a minute, and then unplug it," Kamkar says. Instead of exploiting any glaring security flaw in a single piece of software, PoisonTap pulls off its attack through a series of more subtle design issues that are present in virtually every operating system and web browser, making the attack that much harder to protect against. ![]() Today Kamkar released the schematics and code for a proof-of-concept device he calls PoisonTap: a tiny USB dongle that, whether plugged into a locked or unlocked PC, installs a set of web-based backdoors that in many cases allow an attacker to gain access to the victim's online accounts, corporate intranet sites, or even their router. But serial hacker Samy Kamkar's latest invention may make you think of your computer's USB ports themselves as unpatchable vulnerabilities-ones that open your network to any hacker who can get momentary access to them, even when your computer is locked. You probably know by now that plugging a random USB into your PC is the digital equivalent of swallowing a pill handed to you by a stranger on the New York subway. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |