Security experts have long advocated strong passwords for computers, however, a new $5 device developed by hacker Samy Kamkar is claimed to hack into any system in just a minute. The new $5 device dubbed PoisonTap is said to break into any computer system even if it’s password-protected as long as a browser is running at the background.
“PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a Micro-USB cable & microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle,” describes Kamkar in his blog post.
Kamkar told Motherboard, “It’s entirely automated. You plug it in, you leave it there for a minute, then you pull it out and you walk away. You don’t even need to know how to do anything.”
He adds that PoisonTap can evade various security mechanisms including password protected lock screens, routing table priority and network interface service order, http only cookies, multi-factor authentication, and DNS pinning among others.
He also gives away some of the ways users can protect their computers from PoisonTap exploit such as closing browser every time user walks away from computer, disabling USB/Thunderbolt ports is also effective, or switching to encrypted sleep mode are some of the ways users can avoid attack.