The Complete Magazine on Open Source

Raspberry Pi Zero-powered Poison Tap can hijack any computer silently

SHARE
/ 4923 0

Raspberry Pi Zero

Computer researcher and hacker Samy Kamkar has developed a device called Poison Tap to hack your computer silently. The project uses Raspberry Pi Zero to gain the backdoor access to almost any available desktop or notebook in just a minute’s time.

Poison Tap is capable of siphoning cookies and then installing a backdoor to expose routers of a password protected computer. Kamkar claims that the device can work on any computing platform that includes USB drivers.

Being based on the $5 Raspberry Pi Zero, Poison Tap has micro-USB cable and microSD card. It works by producing cascading effect while exploiting a machine or network.

“Poison Tap produces a cascading effect by exploiting the existing trust in various mechanisms of a machine and network, including USB/Thunderbolt, DHCP, DNS, and HTTP, to produce a snowball effect of information exfiltration, network access and installation of semi-permanent backdoors,” explains Kamkar on his microsite.

Poison Tap uses browser cache to inject a malicious code and thereafter, bypasses security measures of the machine. An attacker can remotely control and monitor activities happening on victim’s machine or network.

Unlike a powerful hardware, Poison Tap is basically just software that runs on Raspberry Pi Zero. The single-board computer with the Poison Tap code can be connected to the computer either via USB or ethernet cable. Notably, the backdoor is introduced to victim’s machine upon connected this device to it and stays on the computer even when PoisonTap is unplugged.

Kamkar has released the source code on GitHub. Developers can use the same code with a Raspberry Pi Zero to create their own Poison Tap.