Humans aren’t great at computer security, to the point where Microsoft is taking bad passwords away from us. But most of us know enough to lock our computers when we have to leave them on, right? Well, bad news, because an engineer worked out a way to break into locked computers, and it costs about as much as a value meal.
The Poison Tap is engineered off a Raspberry Pi — a small $5 computer that plugs into a USB and has everything you’d need to hijack a system. When you plug the Poison Tap into the computer, it tells that computer it’s an Ethernet device using USB, like a router, so the computer starts routing web traffic through it. That allows the tap to bypass malware screens and other attack prevention tools and inject malicious code into your computer through its browser cache. From there, it’s just a matter of cracking your computer’s internal router and that’s it: You’ve been breached.
The good news is that if your computer is in sleep mode, not just locked, the Poison Tap won’t work. You can also fairly easily encrypt your computer, which stops the device cold. Still, the fact that this is such a glaring vulnerability, and that it’s so cheap to exploit, is fairly worrying. Maybe Apple had the right idea getting rid of ports after all.