Even worse, he designed his proof of concept using off-the-shelf Arduino components that literally anyone can get their hands on.
He has dubbed his new attack “Poison Tap,” and it is insidious. All he has to do is plug his little USB device into any USB port on any device in your company’s network, and it’s off and running. The computer takes about thirty seconds to boot up, and another thirty seconds or so to ready its attack. After that, the device can be unplugged with no evidence that it was ever there.
The attack takes advantage of the fact that when a new device is plugged into a USB port on your network, your network finds and identifies it. In this case, the device is disguised so that your network thinks it’s an innocuous network adapter.
Once connected to your network, it opens one million invisible browser tabs, which sit there silently, completely hidden from the user. These invisible connections are back doors which can be used to send instructions and receive network information.
Any time the user on an infected machine opens a web page, the cookies and other relevant information related to that page can be re-routed to a server controlled by the hacker, giving them easy access to network information, passwords and the like.
Even worse, the software can seek out routers – even routers that aren’t normally accessible from outside the company’s firewall – and start changing DNS information, re-routing traffic, locking users out and so forth.
If there’s a silver lining to be had here, it is the fact that this attack is fairly easy to prevent. First, it requires physical access to a USB port, which makes it somewhat difficult to pull off. Second, if the user in question closes his or her web browser before locking the computer and walking away, the attack can’t even get off the ground. Nonetheless, Poison Tap is a disturbing and potentially devastating new attack vector to be aware of.
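Because the device presents itself as a network adapter, the host records a new USB network interface at the moment it is plugged in, which gives defenders something to alert on. The Python below is an added example, not part of the original article: it scans Linux kernel log text for USB network interface registrations and flags any whose MAC address is not on an approved list. It assumes a Linux host; the log excerpt, MAC addresses and allowlist are constructed for illustration.

```python
import re

# Linux usbnet-based drivers (cdc_ether, rndis_host, ...) log one line of this
# shape when a USB device registers as a network interface.
USBNET_REGISTER = re.compile(
    r"(?P<iface>\S+): register '(?P<driver>[^']+)' at "
    r"usb-(?P<bus>\S+)-(?P<port>[\d.]+), (?P<desc>.+), "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$",
    re.IGNORECASE,
)

# Hypothetical allowlist of company-issued docks and adapters. A MAC can be set
# by the device, so this only reduces noise; it is not proof of identity.
APPROVED_MACS = {"00:0e:c6:11:22:33"}

# Constructed kernel log excerpt (dmesg format), not captured from a real host.
SAMPLE_LOG = """\
[  101.204511] ax88179_178a 2-1:1.0 eth1: register 'ax88179_178a' at usb-0000:00:14.0-1, ASIX AX88179 USB 3.0 Gigabit Ethernet, 00:0e:c6:11:22:33
[  412.118004] usb 1-2: new high-speed USB device number 7 using xhci_hcd
[  412.140877] usb-storage 1-3:1.0: USB Mass Storage device detected
[  412.301552] cdc_ether 1-2:1.0 usb0: register 'cdc_ether' at usb-0000:00:14.0-2, CDC Ethernet Device, 02:00:5e:aa:bb:01
"""


def parse_usb_nic_events(log_text):
    """Return one dict per USB network interface registration in the log."""
    events = []
    for line in log_text.splitlines():
        m = USBNET_REGISTER.search(line)
        if m:
            event = m.groupdict()
            event["mac"] = event["mac"].lower()
            events.append(event)
    return events


def unapproved_usb_nics(events, approved_macs=APPROVED_MACS):
    """Keep only registrations whose MAC is not on the allowlist."""
    return [e for e in events if e["mac"] not in approved_macs]


if __name__ == "__main__":
    for e in unapproved_usb_nics(parse_usb_nic_events(SAMPLE_LOG)):
        print(f"ALERT unapproved USB NIC {e['iface']} driver={e['driver']} "
              f"port=usb-{e['bus']}-{e['port']} mac={e['mac']}")
```

Correlating these events with screen-lock state or after-hours timestamps narrows the alerts to the unattended-machine scenario the article describes.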