HACKINTOSH.ORG | Macintosh discussion forums

Macintosh News => Apple News => Topic started by: HCK on November 23, 2016, 04:05:14 pm



Title: A USB dongle can hijack all your Web accounts and router in 30 seconds, even if your computer is locked
Post by: HCK on November 23, 2016, 04:05:14 pm
A USB dongle can hijack all your Web accounts and router in 30 seconds, even if your computer is locked

<article>
   <section class="page">
<p>
A proof of concept from security researcher and software developer Samy Kamkar shows that macOS, Windows, and Linux computers can have any previously active Web logins hijacked merely by plugging in a tiny Unix device via USB or Thunderbolt, even if the computer is locked and password protected, and possibly even when it seems to be asleep. It can also hijack many router brands on the same network.</p><p>
PoisonTap (https://samy.pl/poisontap/) exploits several interlocked network and browser design features, rather than relying on an operating system, hardware, or browser flaw. This will make it harder to root out and resolve. Kamkar said in an interview, “The interesting attacks to me are by design: how do you exploit the protocol rather than a single buffer overflow that gets patched the next day.”</p><p class="jumpTag"><a href="/article/3143187/security/a-usb-dongle-can-hijack-all-your-web-accounts-and-router-in-30-seconds.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article>

Source: A USB dongle can hijack all your Web accounts and router in 30 seconds, even if your computer is locked (http://www.macworld.com/article/3143187/security/a-usb-dongle-can-hijack-all-your-web-accounts-and-router-in-30-seconds.html#tk.rss_all)