PoisonTap is a Raspberry Pi Zero security threat worth taking note of

Poison Tap

I wasn’t going to blog this as it’s a pretty horrid use of the Pi, but I wanted to highlight the security concern!

PoisonTap is a Raspberry Pi Zero/Node.js hacking machine. According to the maker’s website, it:

siphons cookies, exposes internal router & installs web backdoor on locked computers

It plugs into the USB port of a computer and first of all tricks the host computer into thinking that it’s connecting to a network and then it intercepts unencrypted web traffic. It also stores cookies coming from the web browser and tells the computer to be a router, thus making it accessible remotely. And it does all this without the machine being unlocked.

Read more about the PoisonTap by going to Samy Kamkar’s website.

It’s entirely up to you whether you try it out – just don’t blame me if you get in trouble!

Dennis Fisher of On The Wire has interviewed Samy for his podcast – listen here.

Here’s a live demo of it working:

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.