Many are the projects that are being carried out on a controller the size and performance of the Raspberry Pi Zero, among them today I want to present the one that is developing Samy kamkar, a developer who has been working with small conventional devices for a long time that can be much more dangerous than we usually assume. His latest creation is PoisonTap, a software capable of turning your Raspberry Pi Zero into a lethal device for any laptop.
With this tool, as you can see in the image that is located right at the beginning of this same entry, it is only necessary to connect our peculiar tool to any USB port of a computer so that it begins to intercept all unencrypted web traffic, including authentication cookies that are used to log into all types of private accounts. All this information will then be sent to a server that, as you may be thinking, must be under our control.
PosionTap, a software capable of turning your Raspberry Pi Zero into the ultimate weapon.
Now, we are not only talking about a system capable of stealing all kinds of accounts, but it goes much further since, once the small Raspberry Pi Zero is connected to a computer, a back door is installed that makes web browser and local area network from the owner of the PC or laptop can be controlled by the attacker. As you can see, the results can be scary if you leave your computer unattended for a little while and someone decides to use this tool.
Going a little deeper into how PoisonTap works, it should be noted that it works with both Windows and macOS computers. Once the system is connected, if the software detects an open browser with a single tab, it injects a series of HTML tags that will connect it to a million websites, specifically the most popular ones on Alexa, which it will try to identify in case that, as usual, we have the automatic login activated. If this happens, all credentials will be saved by PoisonTap to transmit them to an attacker's server.
Further information: PoisonTap