The hacking device uses a piece of free software and a $5 (Rs 340) Raspberry Pi Zero card-sized computer, which is attached to a USB adapter.What makes this hack a masterstroke is the fact that it does not even try to guess your password, but instead bypasses it entirely. All the hacker needs to do is attach the malicious device and wait–the device simply impersonates a new Ethernet connection.
Reportedly, even if the victim’s device is connected to a WiFi network PoisonTap is programmed to trick the computer into prioritizing its network connection to PoisonTap over the victim’s own WiFi network.
Let’s break it down: when the target PC detects the USB device, it recognizes the device as an Ethernet (LAN) connection. In doing so, the PC unknowingly sends all of is unencrypted web traffic to the Internet via the device. The device can now easily steal data like the PC’s authentication cookies, which are used to log in to private accounts.Later, it sends this personal data to a server that is controlled by the hacker.
However, Samy Kamkar states that for this hack to work, users will firstly need to have a running browser on the device. Therefore, even if the PC is locked, an open browser session would compromise its data via this device. If the browser is closed before locking the PC, this particular exploit would fail to work.
In a broader sense, a few recommendations to protect you from hacks would include clearing your browser cache regularly, running full-disk encryption applications, and being especially mindful of suspicious USB devices plugged into your computer.