Hackers can use this tiny $5 device to attack your locked Mac

PoisonTap is tiny but deadly.
Photo: Samy Kamkar

The next time you leave your Mac unattended, make sure to turn it off.

A well-known hacker has created a cheap tool that can steal data off of locked computers in minutes. The clever new device called PoisonTap is created using a $5 Raspberry Pi Zero and some open source code. Attackers can plug PoisonTap into a machine and as long as the victim has a web browser open, it can steal data and leave remote backdoors.

“It’s entirely automated. You plug it in, you leave it there for a minute, then you pull it out and you walk away,” Kamkar told Motherboard. “You don’t even need to know how to do anything.”

PoisonTap emulates a network device that pretends to be the entire internet. The computer then sends it all traffic. Once it has access, PoisonTap connects to the top 1 million websites in the world to see if you have ever accessed them. All of the victim’s cookies can then be stolen as long as they don’t use HTTPS encryption.

While it’s stealing the cookies and other data, PoisonTap also plants remote backdoors. The attacker can then access them even after the device has been removed.

If you didn’t understand everything Kamkar talked about in the video, here’s the gist: By pretending to be a network device with PoisonTap, hackers can grab your cookies and then log into the same websites as if they’re you. They don’t even need your passwords or username.

The brilliant move is that the attack “poisons” your computer. Any updates you make can be relayed back to the attacker and the victim will be completely unaware.

Don’t despair though. There are a few things you can do to keep from getting attacked.

How to protect against PoisonTap

– Close your browser if you’re leaving your computer unattended
– Disable USB/Thunderbolt ports (effective, but not practical)
– Instead of locking your Mac, put it into an encrypted sleep mode where a key is required to decrypt memory (e.g., FileVault2 + deep sleep)
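
For site operators, the cookie point above (cookies are only exposed when they travel without HTTPS) can be checked from a site's response headers. This is an added example, not code from the article or from PoisonTap: it lists cookies set without the `Secure` attribute, which a browser will also send over plain HTTP. The header text, cookie names and function names are constructed for illustration.

```python
"""Added example: flag cookies a site would expose over plain HTTP."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: prefs=secure-mode; Path=/
Set-Cookie: auth=xyz789; Path=/; Secure; HttpOnly
set-cookie: csrf=t0k3n; SECURE; SameSite=Strict
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';'. Only the attribute name matters here,
    # so "Max-Age=3600" becomes "max-age" and "Secure" becomes "secure".
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(raw_headers):
    """Return names of cookies set without the Secure attribute."""
    exposed = []
    for line in raw_headers.splitlines():
        # Header names are case-insensitive; the status line has no colon.
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Check attributes only: a value such as "secure-mode" must not count.
        if "secure" not in attrs:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {name!r} lacks Secure and can travel over plain HTTP")
```
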