Skip to main content

New USB Device Can Hack A Locked Computer

By December 12, 2016May 25th, 2021Blog, Cybersecurity

newxusbInternet Security Researcher and Programmer Samy Kamkar has some seriously bad news for you and your company. He recently released a devastating proof of concept attack that can target pretty much every device on the web today and take a high degree of control over them.

Even worse, he designed his proof of concept using off-the-shelf, Arduino components that literally anyone can get their hands on.

He has dubbed his new attack “Poison Tap,” and it is insidious. All he has to do is plug his little USB device into any USB port on any device in your company’s network, and it’s off and running. The computer takes about thirty seconds to boot up, and another thirty seconds or so to ready its attack. After that, the device can be unplugged with no evidence that it was ever there.

The attack takes advantage of the fact that when a new device is plugged into a USB port on your network, your network finds and identifies it. In this case, the device is disguised so that your network thinks it’s an innocuous network adapter.

Once connected to your network, it opens one million invisible browser tabs which sit there silently, and completely invisible to the user. These invisible connections are back doors which can be used to send instructions and receive network information.

Any time the user on an infected machine opens a web page, the cookies and other relevant information related to that page can be re-routed to a server controlled by the hacker, giving them easy access to network information, passwords and the like.

Even worse, the software can seek out routers – even routers that aren’t normally accessible from outside the company’s firewall, and start changing DNS information, re-routing traffic, locking users out and so forth.

If there’s a silver lining to be had here, it is the fact that this attack is fairly easy to prevent. First, it requires physical access to a USB port, which makes it somewhat difficult to pull off. Second, if the user in question closes his or her web browser before locking his computer and walking away, the attack can’t even get off the ground. Nonetheless, Poison Tab is a disturbing, and potentially devastating new attack vector to be aware of.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.