A security researcher says he's created a $5 device that can hack locked Apple and Windows computers.
Samy Kamkar says his device, which he is calling “PoisonTap,” is no more expensive than the $5 Raspberry Pi mini-computer it runs off of.
The tool mimics a hardwired network, which Mac and Windows computers are designed to trust even when a computer is locked.
The fake network gives it the ability to tamper with many aspects of web browsing and web browsers, including installing backdoors in web browsers and stealing data websites stored on a computer — called cookies — that would give an attacker access to sites the user visits.
PoisonTap has impressed other researchers by being useful and uncomplicated.
Craig Smith, research director for transportation security at Rapid7, touted the device's lack of complexity, saying Kamkar's animated explanation of how it works is the trickiest part of PoisonTap.
“The brilliance of the attack is actually in its simplicity: the most complex code in PoisonTap is the beautiful HTML5 canvas animation by Ara,” he said in a written statement. “On a $5 Raspberry Pi, Samy pulled together several clever attacks that add up to something really masterful.”