4
kiki
3d

Your computer is probably vulnerable to Samy Kamkar's poisontap: a Pi Zero-based device that connects to USB and does the following:

- emulates an Ethernet device over USB (or Thunderbolt)
- hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
- siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
- exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding
- installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user's cookies via cache poisoning
- allows the attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user's cookies on any backdoored domain
- does not require the machine to be unlocked
- backdoors and remote access persist even after device is removed and attacker sashays away

I need several minutes with your laptop to perform the hack, even if it's locked. Full-disk encryption and secure boot won't save you.

If you use GNU/Linux, install usbguard today. If you use macOS/Windows, idk, pray.
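As an added illustration of the usbguard recommendation above (not part of the original post), here is a whitelist policy that allows plain keyboards and mice but rejects any device that presents a USB network interface, which is the class a PoisonTap-style gadget must expose to hijack traffic. Paths are usbguard's defaults and the `id 1234:5678` line is a constructed placeholder for a specific keyboard you want to pin.

```conf
# /etc/usbguard/usbguard-daemon.conf (only the relevant keys shown)
RuleFile=/etc/usbguard/rules.conf
ImplicitPolicyTarget=block        # anything no rule matches is not authorized
PresentDevicePolicy=apply-policy  # evaluate devices already attached at daemon start
InsertedDevicePolicy=apply-policy # evaluate devices hot-plugged later, screen locked or not

# /etc/usbguard/rules.conf  (rules are evaluated top to bottom, first match wins;
# interface types are class:subclass:protocol in hex, '*' is a wildcard)

# Root hubs are always present; allow them so the bus itself keeps working.
allow with-interface equals { 09:00:00 }

# Reject any device that advertises a USB network interface:
#   02 = CDC communications (ECM/NCM/ACM), 0a = CDC-Data,
#   e0:01:03 = RNDIS, ef:04:01 = RNDIS over Ethernet (USB-IF Misc class).
# 'reject' de-authorizes and removes the device instead of merely leaving it blocked.
reject with-interface one-of { 02:*:* 0a:*:* e0:01:03 ef:04:01 }

# Allow a device only if its interface set is EXACTLY a boot-protocol
# keyboard or mouse (03 = HID). 'equals' is deliberate: a composite gadget
# that is keyboard + something else does not match and falls through to block.
allow with-interface equals { 03:01:01 }
allow with-interface equals { 03:01:02 }

# Pin one specific keyboard by vendor:product as well (constructed placeholder id).
# Composite keyboards often expose two HID interfaces, so list both.
allow id 1234:5678 with-interface equals { 03:01:01 03:00:00 }
```

`usbguard generate-policy` snapshots the devices attached right now into rule form if you want to start from your own hardware, and `usbguard list-devices -b` shows what the policy has blocked.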

Comments
  • 1
    btw, if the name "Samy Kamkar" does ring a bell, you're not tripping: he was behind that famous MySpace exploit that made people's browsers add Samy as a friend, making him the person with the most MySpace friends in no time.
  • 2
    who even uses http nowadays? most domains just redirect to https anyway
  • 2
    > siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites

    ever heard of https?

    also: by now, it's almost a decade old news.
  • 2
    Why would I connect an unknown device to my laptop?
  • 1
    @antigermanist someone else will
  • 5
    @kiki if somebody manages to enter my home to plug something into the desktop I have other issues.

    Like home invasion
  • 1
    @antigermanist if you never leave your home with your laptop then sure
  • 3
    @antigermanist yeah, most of such "hacks" require physical access, at which point you have bigger issues than the hack itself 😂
  • 1
    @iiii you're working in a coworking space. You want to go to the bathroom, so you lock your laptop and go. You know it's locked, so no one can access it. In the meantime, I connect to your USB, wait 30 seconds and disconnect. You never notice.
  • 2
    Good ole samy. As long as he doesn't get his computer taken away for 8 years again!
  • 2
    @12bitfloat he also made a drone that automatically approaches other drones, hacks them and builds an army of drones for you
  • 2
    @kiki I'm too poor for coworking space. I go to the park
  • 1
    @antigermanist if someone came to you there and inserted a usb stick into your laptop, your brain would've probably erased the memory of that because of how unusual it was and how much processing power was needed to process it correctly. Are you sure no one attacked your laptop like this ever?
  • 1
    @kiki you don't leave your laptop with someone else in an adversary environment
  • 1
    @iiii no one is rational 100% of the time. I can totally see people who frequent their favorite coworking space get used to the convenience of leaving their locked laptop on their table while they go to the bathroom, and forget that it's a public space.

    Why not prevent the issue once and for all by installing usbguard? It's free and open source.
  • 1
    @kiki no but one time some homeless guy on crack offered me a blowjob and tried to stab me when i said no thanks.

    And yes I am that polite
  • 1
    @kiki the other thing is no one would realistically use this unless they specifically target you, so you should be a high value target in the first place
  • 1
    @iiii or, I can spend some time there to target everyone
  • 6
    Terrible kiki dream.
  • 0
    Nothing new here ;p You should look in leaked doc from CIA.

    They can do SAME THING but with YVs lol ! Insane the doc ! (I don't have a link unfortunately).
  • 0
    People already said it, and I already updooted, but just to reiterate...

    If someone already has physical access to your computer, you have bigger problems at hand.

    And like, don't hit me with the usual shit.

    If you work IT, your computer is your tool.

    No one, much less blue-collar workers, leaves their tools unattended.

    You don't do it either, and problem solved.

    I know I never let my laptop outta my sight, and nothing of the sort has happened in 7 years
  • 0
    @CoreFusionX I agree. For most people on this website :)

    But I have seen plenty of times where people at work go for lunch without even locking their screens. It's a paid job for them, and they don't care if company data gets stolen. They think it's the company's responsibility to "protect" them.

    That's why disabling all USB ports, except for specific device IDs for keyboards and mice, should be mandatory in all workplaces!

    People (e.g., those working in accounting, sales, planning, etc.) don't care about these things. For them, a laptop is NOT a tool; it's an annoyance they are forced to use.

    It will be radically different for dev teams, sys admin teams, or other technical teams.
  • 0
    Dude, I have issues when plugging any device into USB, Linux just doesn't want to recognize it at all, no matter if it is locked or unlocked!

    Fuck you Samy!
  • 1
    OK but isn't this basically a question of timescales? If you've got physical access to a device it's mostly a question of how long it takes to hack. Don't get me wrong that's a good timescale, but if your HD isn't encrypted I can pull it, connect to a different device and hack. If it is encrypted, I can mess with your bios. If you've got boot protection given enough time I can swap components and spoof hardware signatures.

    The lesson should be "Don't let people have physical access to your hardware. Your wireless cards are probably insecure too so for critical stuff switch them off. For really secure stuff use a SCIF." Anything else is a question of time. I remember Facebook used to not be https (firesheep) so I could view the PMs of other users on the same network. Then use kali to get on someone's network. Old hacks are new again.