Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
$5 Device Can Access Your Password Protected Computer
November 17, 2016
Just when you thought you were safe by configuring a password to lock your computer. Not anymore. Having physical access to your computer, someone with a $5 device can unlock your machine in 30 seconds. Dubbed PoisonTap, the new exploit tool runs freely available software on a tiny $5 Raspberry Pi Zero microcomputer, which is attached to a USB adapter. Once you plug in the device, it emulates a network connection and executes a man-in-the-middle attack to intercept all unencrypted Web traffic, transmitting data to a server controlled by the attacker. Obviously, restricting physical access will help, but there are some other things you can do to minimize your exposure.
- Setting your computers to hibernate rather than sleep which suspends all processes on the computer.
- Closing all web browsers every time you walk away from your computer.
- Patiently clearing browser's cache.
- Using full-disk encryption applications (for e.g. FileVault 2) in combination with "deep sleep" mode.
- Simply disabling your USB port.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com