Hacker Samy Kamkar demonstrates how to break into a password-locked computer using a $5 Raspberry Pi

Shawn Knight

TechSpot Staff
Staff member

Renowned developer and hacker Samy Kamkar has demonstrated a technique that allows virtually anyone to hijack a password-protected computer – even if it’s locked – using a $5 Raspberry Pi Zero and some custom software.

PoisonTrap, as the tricky device is called, emulates an Ethernet-over-USB device once plugged into a computer, thus tricking the machine into thinking a wired Internet connection is suddenly available. The computer then sends a DHCP request asking for an IP address, which PoisonTrap gladly provides.

As Kamkar explains, this would normally behave as a secondary network interface but PoisonTrap crafts the DHCP response to make it appear as if almost all IP addresses on the Internet are part of PoisonTrap’s LAN. As such, the computer starts sending Internet traffic out to the hardware device instead of the actual Internet and as Kamkar highlights in the clip above, it’s all downhill from there.

The attack requires physical access to a machine, somewhat limiting the risk until you realize just how often you wander off away from your computer while at home, in the office or even at school. Fortunately, there are some safeguards you can take to minimize the threat such as using sites that are protected by HTTPS encryption whenever possible.

Or, you could simply do as Kamkar recommends and add cement to all of your USB ports.

Permalink to story.

 

jonny888

TS Booster
Perhaps I'm being daft, but the title of the article suggests someone is using a Pi to break into a PC, and the the rest of the articles describes how they use it to intercept internet traffic? How does the title match the content?
 
  • Like
Reactions: Darius Moon

Jack007

TS Booster
Complete waste of time. I have a little program that is a live bootable program it accesses any system even with password in 1 second. it leaves no trace as if it were a ghost. also requires physically being on the system but its the best. I have tapped into countless systems. copied data to a flash drive and no one knew the better. thats called super hacking on the fly
 

Mouldy CPU

TS Enthusiast
Complete waste of time. I have a little program that is a live bootable program it accesses any system even with password in 1 second. it leaves no trace as if it were a ghost. also requires physically being on the system but its the best. I have tapped into countless systems. copied data to a flash drive and no one knew the better. thats called super hacking on the fly
Really? Who are you? Ethan Hunt?
 
  • Like
Reactions: Darius Moon

Greg S

TS Evangelist
Complete waste of time. I have a little program that is a live bootable program it accesses any system even with password in 1 second. it leaves no trace as if it were a ghost. also requires physically being on the system but its the best. I have tapped into countless systems. copied data to a flash drive and no one knew the better. thats called super hacking on the fly
Really? Who are you? Ethan Hunt?
It's not hard to do. Just learn how to bypass Bios passwords and you are all set.
 

wiyosaya

TS Evangelist
In at least pro versions of windows, this could likely be stopped by setting a policy that prevents installing Ethernet adapters.