PoisonTap, a trickster Pi Zero board, has been created by Samy Karkar. When connected to an exposed USB or Thunderbolt port, the device says to a computer that it’s an ethernet (via USB) device, not a regular USB device, and it’s a door to the entire internet.
Your innocent machine quickly believes what is said by the PoisonTap, completely unknown of its real intentions. The worst part, PoisonTap can gain access to a machine even if it’s locked – and password protected – by taking advantage of the trust factor a computer has on the ethernet devices.
Upon detecting an ethernet interface, your data hungry machine will make a switch from the regular battery-consuming WiFi to the wired internet. PoisonTap is equipped with the capabilities to assign an IP address to the fooled computer as a normal DHCP server would do. It will also tell the machine that it contains the whole IPv4 address space which is literally the entire internet if the newer IPv6 addresses are not included.
An active web browser on your computer can make efforts to connect to the false internet – powered by PoisonTap’s web server based on– to receive new data for the advertisement, analytics, and services. The USB hacking device is an unknown network interface to the machine with low priority, yet, it can hijack all the internet traffic.
PoisonTap takes about a minute to all this stuff after it is connected to a computer.
The attacker also has the privilege to exploit these backdoors remotely because they continue to exist even if the device is removed and the attacker walks away. He can also use DNS rebinding and an outbound WebSocket interface to access the internal router of the computer already exposed by the hacking device.
For servers, the protection is easy by enabling Secure flag for cookies and implementing HSTS policy.
The most useful solution suggested by Karkar is cementing the open USB and Thunderbolt ports. And he literally put a link to a cement product. Some less practical, but effective to an extent, options would be closing the web browser every time you abandon your computer. Disabling the ports would remove slightest chance of your machine being hoodwinked. An effective way is to use encrypted deep sleep mode which will disable the web browser to make any requests when PoisonTap is connected.