Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

$5 Device Can Access Your Password Protected Computer

November 17, 2016

Just when you thought you were safe by configuring a password to lock your computer. Not anymore. Having physical access to your computer, someone with a $5 device can unlock your machine in 30 seconds. Dubbed PoisonTap, the new exploit tool runs freely available software on a tiny $5 Raspberry Pi Zero microcomputer, which is attached to a USB adapter. Once you plug in the device, it emulates a network connection and executes a man-in-the-middle attack to intercept all unencrypted Web traffic, transmitting data to a server controlled by the attacker. Obviously, restricting physical access will help, but there are some other things you can do to minimize your exposure.

  • Setting your computers to hibernate rather than sleep which suspends all processes on the computer.
  • Closing all web browsers every time you walk away from your computer.
  • Patiently clearing browser's cache.
  • Using full-disk encryption applications (for e.g. FileVault 2) in combination with "deep sleep" mode.
  • Simply disabling your USB port.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com