$5 PoisonTap Tool Easily Breaks Into Locked PCs

Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi.

The low-tech cookie-siphoning intrusion is one of Kamkar’s simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices, with MacGyver-like precision.

Kamkar’s latest hack, PoisonTap, uses a Raspberry Pi Zero, a micro SD card, and a micro USB cable or other device that emulates USB, including USB Armory or LAN Turtle.

Windows, OS X and Linux recognize PoisonTap as an Ethernet device, load it as a low-priority network device, and perform a DHCP request across it, even if the computer is locked or password-protected, Kamkar explained.

PoisonTap provides the computer with an IP address. However, the DHCP response tells the machine that the entire IPv4 address space is part of PoisonTap’s local network, rather than a small subnet, he said.

If a Web browser is running in the background, one of the open pages will perform an HTTP request in the background, noted Kamkar. PoisonTap responds with a spoof, returning its own address, and the HTTP request hits the PoisonTap Web server.

When PoisonTap’s Node Web server gets the request, its response is interpreted by the browser as HTML or JavaScript.

The attacker is able to hijack all Internet traffic from the machine and to siphon and store HTTP cookies from the Web browser for the top 1,000,000 Alexa websites.
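The mechanism described above turns on one detail: the DHCP offer claims an enormous on-link range, so the host routes traffic for almost any address through the new USB device. The following is an added example, not Kamkar’s code or anything from the article, written from the defender’s side: it decodes the options field of a DHCP OFFER (the magic cookie, the subnet mask, and RFC 3442 classless routes) and flags an offer whose mask or pushed routes cover far more than a normal LAN. The two sample offers are constructed inline; the `min_prefix` threshold of /8 is an assumed policy value, not something the article states.

```python
import ipaddress

# Added example (not Kamkar's code): inspect a DHCP OFFER's options and flag one
# whose subnet mask or pushed routes would put (nearly) all of IPv4 "on-link".

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that opens the options field
OPT_SUBNET_MASK, OPT_ROUTER, OPT_MSG_TYPE, OPT_CLASSLESS_ROUTES = 1, 3, 53, 121
DHCP_OFFER = 2


def parse_dhcp_options(payload: bytes) -> dict:
    """Parse the TLV options that follow the magic cookie into {code: raw value}."""
    if not payload.startswith(DHCP_MAGIC):
        raise ValueError("not a DHCP options field (magic cookie missing)")
    opts, i = {}, len(DHCP_MAGIC)
    while i < len(payload):
        code = payload[i]
        if code == 255:          # END option
            break
        if code == 0:            # PAD option, single byte, no length
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def prefix_length(mask: bytes) -> int:
    """Number of one bits in a 4-byte netmask (255.255.255.0 -> 24, 0.0.0.0 -> 0)."""
    return bin(int.from_bytes(mask, "big")).count("1")


def parse_classless_routes(data: bytes) -> list:
    """Decode RFC 3442 option 121 into (prefix_len, destination, router) tuples."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8                       # only the significant octets are sent
        dest = data[i + 1:i + 1 + n] + b"\x00" * (4 - n)
        router = data[i + 1 + n:i + 5 + n]
        routes.append((plen, str(ipaddress.IPv4Address(dest)),
                       str(ipaddress.IPv4Address(router))))
        i += 5 + n
    return routes


def assess_offer(payload: bytes, min_prefix: int = 8) -> dict:
    """Verdict on one OFFER; 'suspicious' is True when it claims a huge on-link range.

    min_prefix is an assumed policy threshold: anything shorter than a /8 is flagged.
    """
    opts = parse_dhcp_options(payload)
    reasons = []
    msg_type = opts.get(OPT_MSG_TYPE, b"\x00")[0]
    mask = opts.get(OPT_SUBNET_MASK)
    plen = prefix_length(mask) if mask else None
    if plen is not None and plen < min_prefix:
        reasons.append(f"subnet mask {ipaddress.IPv4Address(mask)} puts a /{plen} on-link")
    for rplen, dest, router in parse_classless_routes(opts.get(OPT_CLASSLESS_ROUTES, b"")):
        if rplen < min_prefix:
            reasons.append(f"pushed route {dest}/{rplen} via {router}")
    return {"offer": msg_type == DHCP_OFFER, "prefix": plen,
            "suspicious": bool(reasons), "reasons": reasons}


# Constructed samples for illustration, not captured traffic.
BENIGN_OFFER = (DHCP_MAGIC
                + b"\x35\x01\x02"                  # option 53: OFFER
                + b"\x01\x04\xff\xff\xff\x00"      # option 1: mask 255.255.255.0 (/24)
                + b"\x03\x04\xc0\xa8\x01\x01"      # option 3: router 192.168.1.1
                + b"\xff")
ROGUE_OFFER = (DHCP_MAGIC
               + b"\x35\x01\x02"
               + b"\x01\x04\x00\x00\x00\x00"       # mask 0.0.0.0: all of IPv4 "local"
               + b"\x03\x04\x01\x00\x00\x01"       # router 1.0.0.1
               + b"\x79\x05\x00\x01\x00\x00\x01"   # option 121: 0.0.0.0/0 via 1.0.0.1
               + b"\xff")

if __name__ == "__main__":
    for label, offer in (("benign", BENIGN_OFFER), ("rogue", ROGUE_OFFER)):
        print(label, assess_offer(offer))
```

A host-side agent or a network sensor that sees DHCP on a freshly attached interface can run the same check before the lease is accepted; a legitimate office or home LAN never hands out a /0 mask or a default route inside option 121.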

Low-Cost Havoc

“The PoisonTap project is an extremely clever and creative attack that can have serious consequences,” said Mark Nunnikhoven, vice president for cloud research at Trend Micro.

“The code is public, and hardware required to run it is only a few dollars, which increases the risk to average users,” he told TechNewsWorld. “However, it still takes some effort for an attacker to steal the user’s data.”

For the device to work, the attacker needs physical access to the machine while a Web browser is running in the background, noted a Symantec researcher in comments provided to TechNewsWorld by spokesperson Jenn Foss.

The risk is lower when a machine has restricted physical access. The risk is higher when a machine is in the public domain, where anyone potentially has access to it — for example, at a sidewalk cafe.

Open Source Factor

It might be easier to build a solution to the hack, given that Kamkar’s attack was conducted over an open source language, suggested the Symantec researcher. “If someone slips a secret backdoor into an open source project, chances are someone will find it quickly. Often open source is quicker to address vulnerabilities as an open source community can be very large.”

In addition, if someone creates a tool and the source code is publicly available, anyone can read the code and develop proper protection for the future, the Symantec researcher pointed out.

“It’s certainly very creative work, and it shows just how many attack vectors exist that we’ve yet to really consider,” remarked Troy Hunt, Microsoft MVP-Developer Security.

“However, it also requires physical access — and once you get to that point, there’s a lot of avenues available to an attacker,” he told TechNewsWorld.

The use of HTTPS could have crippled this particular attack, Hunt noted, and we don’t normally think of that as being a defense against an adversary with physical access.
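Hunt’s point is that the cookies PoisonTap can collect are the ones a browser is willing to send over plain HTTP. The following added example (not code from the article or from any of the people quoted) audits a response’s Set-Cookie headers for the attributes that keep a cookie off http:// requests, and checks for an HSTS header; the sample response headers are constructed inline.

```python
# Added example (not from the article): audit Set-Cookie headers for the
# attributes that keep a cookie off plain-HTTP requests, plus the HSTS header.

def parse_set_cookie(header_value: str) -> dict:
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookie(header_value: str) -> list:
    """Return findings for one cookie; an empty list means it is hardened."""
    cookie = parse_set_cookie(header_value)
    attrs, findings = cookie["attrs"], []
    if "secure" not in attrs:
        findings.append("missing Secure: the browser will send it on any http:// request")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script running in the page")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure is rejected by current browsers")
    if cookie["name"].startswith("__Host-") and (
            "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain")
    return findings


def audit_response(headers: list) -> dict:
    """Audit every Set-Cookie header of a response and note whether HSTS is set."""
    report = {"cookies": {}, "hsts": False}
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            report["cookies"][parse_set_cookie(value)["name"]] = audit_cookie(value)
        elif lname == "strict-transport-security":
            report["hsts"] = "max-age" in value.lower()
    return report


# Constructed sample response headers (not from a real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=9f3a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "__Host-sid=7d2e; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for cookie_name, findings in audit_response(SAMPLE_HEADERS)["cookies"].items():
        print(cookie_name, findings or "ok")
    print("hsts:", audit_response(SAMPLE_HEADERS)["hsts"])
```

The first sample cookie is the kind a background tab would leak in this scenario: without Secure, any http:// request the page makes carries it. The second uses the `__Host-` prefix, so a browser refuses to accept it over HTTP at all, and the HSTS header stops the browser from making the plain-HTTP request in the first place once it has seen the site over HTTPS.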

Using Hearthstone cheat programs could infect your PC with malware


If you’re a Hearthstone player and not averse to using hacks and deck tracker add-ons to gain an advantage in the game, you may want to rethink your morally dubious actions. Security firm Symantec has just revealed that many of these third-party programs that supposedly benefit players can actually compromise computers with malicious software.

Symantec found that a large number of unofficial Hearthstone apps could, once installed, be used to steal passwords, spy through webcams and even mine bitcoins.

One program, Hearthstone Hack Tool v2.1, which promised players unlimited gold and dust, was described as a “total scam” that doesn’t work.

Another program that claimed to provide extra gold and dust, called Trojan.Coinbitclip, searches users’ clipboards for Bitcoin addresses and replaces them with a different but similar-looking one of its own – another reason for Bitcoin miners not to use the clipboard.

Deck trackers – essentially card counters, and a gray area since game creator Blizzard doesn’t support these tools – are also susceptible to malware. “In December 2015, Symantec saw that attackers disguised Backdoor.Breut as one of these add-ons by using the file name Hearthstone Deck Tracker.exe. This threat is capable of opening a back door, recording from the webcam, logging key strokes, and stealing passwords.”

It was recently revealed that a Redditor had created a number of fake hacks for Counter-Strike: Global Offensive as a way to get those who used them banned by Valve’s Anti-Cheat system (VAC). Hopefully, people will start to realize that downloading this kind of software really isn’t worth it.

Germany approves the use of government-developed malware to monitor suspects


The German government has taken the controversial decision to allow intelligence agencies to use malware for the purpose of monitoring people under suspicion.

A spokesman for the German interior minister announced on Monday that authorities would be able to use government-developed trojan software to infect a suspect’s computers and mobile devices. The malware may be deployed only if lives are at risk or the state is threatened, however, and a court order will be required to use the software.

“Basically, we now have the skills in an area where we did not have this kind of skill,” said the spokesman. The ministry also pointed out that the program was already endorsed by members of the government in autumn 2015.

Privacy advocates are not happy about the ruling, with many groups claiming it crosses the line between the need to monitor dangerous individuals and basic privacy rights.

“We do understand the needs of security officials, but still, in a country under the rule of law, the means don’t justify the end,” said Konstantin von Notz, deputy head of Germany’s Green party.

The software must not monitor any activities other than communications, but a spokesman from Germany-based hacker association Chaos Computer Club (CCC) has expressed doubt that this really will be the case. Frank Rieger said that the technical capabilities of the government’s malware needed to be reduced. “It’s almost like you’re watching people think, if you’re reading as they type,” he said.

Germany’s constitutional court ruled in 2008 that the government must respect an individual’s right to confidentiality when it comes to data stored on information technology systems. Monitoring must be limited to a suspect’s communications with the outside world.

The CCC reverse engineered and analyzed a “lawful interception” malware program used by German police forces back in 2011. The group found that the software could “not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.”