TechSpot

Hacker Samy Kamkar demonstrates how to break into a password-locked computer using a $5 Raspberry Pi

By Shawn Knight
Nov 17, 2016
Post New Reply
  1. Renowned developer and hacker Samy Kamkar has demonstrated a technique that allows virtually anyone to hijack a password-protected computer – even if it’s locked – using a $5 Raspberry Pi Zero and some custom software.

    PoisonTrap, as the tricky device is called, emulates an Ethernet-over-USB device once plugged into a computer, thus tricking the machine into thinking a wired Internet connection is suddenly available. The computer then sends a DHCP request asking for an IP address, which PoisonTrap gladly provides.

    As Kamkar explains, this would normally behave as a secondary network interface but PoisonTrap crafts the DHCP response to make it appear as if almost all IP addresses on the Internet are part of PoisonTrap’s LAN. As such, the computer starts sending Internet traffic out to the hardware device instead of the actual Internet and as Kamkar highlights in the clip above, it’s all downhill from there.

    The attack requires physical access to a machine, somewhat limiting the risk until you realize just how often you wander off away from your computer while at home, in the office or even at school. Fortunately, there are some safeguards you can take to minimize the threat such as using sites that are protected by HTTPS encryption whenever possible.

    Or, you could simply do as Kamkar recommends and add cement to all of your USB ports.

    Permalink to story.

     
  2. OutlawCecil

    OutlawCecil TS Enthusiast Posts: 62   +19

    Good information, but it's PoisonTap, not PoisonTrap.
     
  3. jonny888

    jonny888 TS Member

    Perhaps I'm being daft, but the title of the article suggests someone is using a Pi to break into a PC, and the the rest of the articles describes how they use it to intercept internet traffic? How does the title match the content?
     
    Darius Moon likes this.
  4. Jack007

    Jack007 TS Booster Posts: 161   +34

    Complete waste of time. I have a little program that is a live bootable program it accesses any system even with password in 1 second. it leaves no trace as if it were a ghost. also requires physically being on the system but its the best. I have tapped into countless systems. copied data to a flash drive and no one knew the better. thats called super hacking on the fly
     
  5. Mouldy CPU

    Mouldy CPU TS Rookie

    Really? Who are you? Ethan Hunt?
     
    Darius Moon likes this.
  6. Win7Dev

    Win7Dev TS Evangelist Posts: 567   +174

    It's not hard to do. Just learn how to bypass Bios passwords and you are all set.
     
  7. Mouldy CPU

    Mouldy CPU TS Rookie

    He claimed the program he used could access 'any system even with password in 1 second', which means bypassing of any password is unnecessary.
     
  8. TheDreams

    TheDreams TS Addict Posts: 610   +61

    I prefer Hirens
     
  9. wiyosaya

    wiyosaya TS Evangelist Posts: 1,043   +273

    In at least pro versions of windows, this could likely be stopped by setting a policy that prevents installing Ethernet adapters.
     
  10. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,556   +2,900

    The better defense would be to disable hardware detection while the PC is locked.
     
    Darth Shiv and Phr3d like this.
  11. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,624   +377

    Yeah bit mystifying why this isn't the default.
     
    cliffordcooley likes this.
  12. JoshB

    JoshB TS Rookie

    Already done on all apple computers, especially the one used in the video. This wouldnt work on that computer.
     
  13. Bigtruckseries

    Bigtruckseries TS Maniac Posts: 416   +219

    Now show me how to do it with a Board of Education and BASIC Stamp
     
  14. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,556   +2,900

    I had to look that up to know what you were talking about. Now that I know, I would have loved to have that 25/30 years ago.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...