PoisonTap, a $5 tool that invades password-protected computers

Am I correct in understanding that the device works by presenting itself as an Ethernet adapter and then poisoning the browser cache? Would the solution be as simple as an OS update that didn't use unknown network interfaces until the computer was unlocked?

Since no one seems to be talking about how to secure devices, I guess I&#x27;ll get started...<p>USB devices should not accept any incoming connection when the computer is locked. The only use of USB ports when a computer is locked should be for charging devices (current out, no data in). We also need to ensure that devices that were connected before the computer was locked continue to function.<p>Now obviously, the issue with this would be about external devices that are connected after the device has been locked (drives, keyboards etc. - say for example, keyboard stopped working so you switched it out) but in my opinion, that&#x27;s an edge case and should not cause too much inconvenience.

Is there somewhere I can get the source code for this to install on my own Pi 0? I tried a bunch of the links but couldn&#x27;t find it.<p>I really dislike this trend of making the link text have little to nothing to do with where the link goes.<p>Edit: for research, I don&#x27;t plan on using this against someone.

I didn&#x27;t realize PoisonTap&#x27;s creator, Samy, is also the creator of the Evercookie[0], a persistent identifying cookie that remains sharded(then recombines) in your system even after clearing your cookies. While a very cool project, it has some scary implications on users not trained in their removal.<p>[0] <a href="https:&#x2F;&#x2F;github.com&#x2F;samyk&#x2F;evercookie" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;samyk&#x2F;evercookie</a>

It seems that such exploit would require some kind of `network-manager` running. But if `network-manager` is disabled, and all interfaces configured in `&#x2F;etc&#x2F;network&#x2F;interfaces`, then the new malicious interface will be just ignored. It will not come up.

Presuming you are given free access to a USB port on the computer - and as we all know once you have physical control security is somewhat out the window anyway.

As a writer who just included a plot device of providing a loaded USB flash drive as temptation for a target to pick up and plug into their computer and deliver a payload, I&#x27;m exceptionally pleased this device reaffirms the risk of malware being deployed by way of USB ports. From time to time it&#x27;s hard as a writer to try and pick tech and things that hopefully won&#x27;t sound dated, or if they eventually do, will at least fit within a specific story&#x27;s time-place-world-setting.

<p><pre><code> &gt; The primary motivation is to demonstrate that even on a &gt; password-protected computer running off of a WPA2 Wi-Fi, &gt; your system and network can still be attacked quickly &gt; and easily. </code></pre> Oh no!<p><pre><code> &gt; [... with physical access.] </code></pre> Oh. Has this ever been disputed?

I don&#x27;t see how this device is in a more privileged position than the router your system is connected to. The way I see it, any vulnerabilities used in this attack are MITM-vulnerabilities plain and simple and need to be fixed regardless of this specific attack. Am I missing something?

There is a lot of cool hackery going on here but the most beautiful part is how it tricks the target computer into thinking that the entire internet is directly connected to the computer via the USB ethernet interface (I think, I thought the 128.0.0.0 subnet would mean half the addressable space? I&#x27;ve never gotten to 100% understanding of subnets). Although the deception relies on the priority in routing (LAN over outside), it&#x27;s still a real beaut.

Is there some way to configure network-manager to not autoconnect to new ethernet adapters that show up? I don&#x27;t mind clicking the nm-applet dropdown and clicking on the device...

What&#x27;s the difference between this and just doing the same at the router itself?

Wonder if this could be a useful device in some other way (e.g. PC not responding)