With all the data you keep on your laptop, it makes sense you wouldn’t want someone poking around in there. But so long as you make sure to lock your computer with a password whenever you walk away from it, what could really go wrong? A lot. A whole heck of a lot.
The latest gadget from white-hat hacker Samy Kamkar is a perfect example of how insecure even a locked computer can be. Dubbed “PoisonTap,” the device is simply a $5 Pi Zero computer with a USB cable and some special software. When plugged into a laptop, even one that is locked, PoisonTap immediately and quietly goes to work doing all sorts of horrible things.
The basic premise is that PoisonTap pretends to be an ethernet connection that is coming across over USB. By doing that, it can then pretend to be an internet connection and slam the laptop it’s attached to with all sorts of bogus information and nefarious software by exploiting a number of security holes. Kamkar explains the specifics in his video on the project, but in short, PoisonTap can compromise your computer for good in just a few seconds. Even after the device has been detached, the software that’s on there doesn’t go away.
The moral of the story? The best way to ensure the security of your device is just to make sure that no one can do anything to it while you’re not around. Yes, the lock screen will help keep honest people honest, but for anyone who’s looking to get into your stuff, it’s hardly an impediment. So just think about that next time you ask a stranger to keep an eye on your laptop while you go to the bathroom at the library or coffee shop. Fortunately your data is probably not such a hot commodity, but if you want to be safe and not sorry, don’t let that laptop out of your sight.
Author: Eric Limer