You may have thought you were safe once you configured a password to lock your computer. Not anymore. With physical access to your computer, someone with a $5 device can unlock your machine in 30 seconds. Dubbed PoisonTap, the new exploit tool runs freely available software on a tiny $5 Raspberry Pi Zero microcomputer, which is attached to a USB adapter. Once the device is plugged in, it emulates a network connection and executes a man-in-the-middle attack to intercept all unencrypted Web traffic, transmitting data to a server controlled by the attacker. Obviously, restricting physical access will help, but there are some other things you can do to minimize your exposure:
- Setting your computer to hibernate rather than sleep; hibernation suspends all processes on the computer.
- Closing all web browsers every time you walk away from your computer.
- Patiently clearing your browser's cache.
- Using full-disk encryption applications (e.g. FileVault 2) in combination with "deep sleep" mode.
- Simply disabling your USB port.
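
Because the device shows up to the host as a network connection over USB, a defender can check which network interfaces are backed by the USB bus and flag any that were not there before. The following is an added example, not part of the original article or of PoisonTap; it assumes a Linux host with sysfs, and the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

def usb_network_interfaces(sysfs_root="/sys"):
    """Return names of network interfaces whose backing device is on the USB bus."""
    net_dir = os.path.join(sysfs_root, "class", "net")
    found = []
    for name in sorted(os.listdir(net_dir)):
        subsystem = os.path.join(net_dir, name, "device", "subsystem")
        # Virtual interfaces (loopback, bridges) have no "device" entry at all.
        if not os.path.exists(subsystem):
            continue
        # "subsystem" is a symlink to the bus directory, e.g. /sys/bus/usb.
        if os.path.basename(os.path.realpath(subsystem)) == "usb":
            found.append(name)
    return found

def new_usb_interfaces(baseline, sysfs_root="/sys"):
    """USB-backed interfaces that are not in the known-good baseline set."""
    return [n for n in usb_network_interfaces(sysfs_root) if n not in baseline]

def build_sample_sysfs():
    """Constructed sysfs layout: lo (virtual), eth0 (PCI), usb0 (USB network device)."""
    root = tempfile.mkdtemp()
    for bus in ("pci", "usb"):
        os.makedirs(os.path.join(root, "bus", bus))
    net = os.path.join(root, "class", "net")
    os.makedirs(os.path.join(net, "lo"))
    for name, bus in (("eth0", "pci"), ("usb0", "usb")):
        dev = os.path.join(root, "devices", name + "-dev")
        os.makedirs(dev)
        os.symlink(os.path.join(root, "bus", bus), os.path.join(dev, "subsystem"))
        os.makedirs(os.path.join(net, name))
        os.symlink(dev, os.path.join(net, name, "device"))
    return root

if __name__ == "__main__":
    sample = build_sample_sysfs()
    print("USB-backed interfaces:", usb_network_interfaces(sample))
    print("Not in baseline:", new_usb_interfaces({"eth0"}, sample))
```

On a real machine, call `new_usb_interfaces` with the set of interface names you expect and the default `/sys` root; a legitimate USB Ethernet dongle or phone tether will also appear, so the result is a prompt for review rather than a verdict.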