PoisonTap: The New Danger to Your Computer

Working in the IT industry, we here at Q2Q-IT always have to be on our guard for new and innovative threats. This is integral as our computers hold so much of our private information, both in business and at home. Once again, there is a new threat on the horizon, so let’s take a look at how it works and you can protect yourself from it.

What is PoisonTap?

PoisonTap comes from the mind that brought us KeySweeper and RollJam. These infamous devices were a USB charger that stole information typed out on Microsoft wireless keyboards and a device that could open electronic car and garage doors. This new device is the latest creation that takes a seemingly innocuous object like a USB and uses it to steal information. It costs around $5 or £4 and is slotted into the USB port where it reads all unencrypted web traffic.

How Does it Work?

In a way, the device is rather elegant. It fools your PC or Mac into thinking that it is an Ethernet network, effectively high-jacking the internet connection. When an open tab tries to make a connection, the PoisonTap device inserts HTML iframe tags into the page. As the device is tricking your computer into believing it is the HTTP server for each of the top 1 million sites ranked by Alexa, it is able to receive, store and upload the non-encrypted authentication cookies used to log in to these sites.

These sites include Facebook, LinkedIn, Google, eBay, WordPress, and PayPal. As you can see, the implications are worrying for businesses and individuals. In just 60 seconds, someone with this device can simply plug it into the USB port and then walk away with passwords to these sites, sites which hold banking information and personal details.

How Can You Protect Yourself?

It all sounds pretty scary, and it is if you don’t take the necessary precautions:

1. The hacking works on the basis that you will leave your computer unattended. So, whenever possible, don’t. If you are using a laptop, take it with you or put it away in a laptop bag when leaving the room for any length of time. Make sure that if you work in a shared building, you can securely lock your computers away at night.
2. While there are ways around password protected devices, the amateur may not have the knowledge or the patience to take them on. It may not be 100% effective as a protective measure, but it is still smart to have password protection.
3. Ensure that you enable user permission access for plugging in new devices. This will make it an awful lot harder for a hacker to steal your information.
4. A longer-term solution? Be more aware of the sites you give your information to. Using HTTPS sites can go a long way to keeping your information more secure.

Of course, this is just a brief overview of one computer threat – there are many more out there and if you don’t know how to protect yourself, there can be serious consequences.

The good news is, Q2Q-IT are here to help! We have a team of experts who are highly trained in the art of keeping hackers at bay. With our IT support services, you can keep your network, business and information safe and sound. Just get in touch with us today by calling 01524 581 690 and we will be more than happy to help you build your defences.