Putting a password lock on your computer is a good idea if you want to keep people out from using it. It’s great against the layman and average user, but if those users were to somehow put together this $5 device created by Sam Kamkar, all the passwords in the world would be useless as it would be capable of hacking your computer in 30 seconds.
Created using a new exploit called PoisonTap, all this device uses is a piece of free software and a $5 Raspberry Pi Zero microcomputer. All the hacker needs to do is insert the device into the USB port of the computer and in about 30 seconds, the hack is complete and a backdoor has been installed on your computer.
What makes this hack even more amazing is that it isn’t even trying to crack your computer’s password using brute force methods, but rather the exploit allows it to bypass the password entirely by emulating an internet over USB device, tricking your laptop into thinking it’s connected via ethernet, after which all unencrypted web traffic will be sent to the microcontroller.
Thankfully Kamkar notes that for this hack to work, users will need to have a running browser tab open on the device first, so if you close your browser whenever you walk away from your computer, you should be safe. He also suggests that USB ports be disabled, and to go into hibernate mode as this mode suspends all processes.