Samy Kamar’s latest hack “PoisonTap,” is creating a lot of buzz on the internet and fear in the minds of IT security specialists around the world. If you’re not familiar with Samy, he’s an infamous computer hacker, possibly best known for creating and releasing the fastest spreading virus of all time, the MySpace worm “Samy”.
So, when Samy says he’s figured out a new and interesting way to hack a computer, CIOs, CISOs, and CTOs start to worry.
Samy’s PoisonTap hack utilizes a tiny $5 Raspberry Pi USB computer board running some open source software that enables a malicious hacker to plant a backdoor into virtually any computer, even if it’s locked or password protected.
Just plug the device into a computer via the USB port and in less than a minute, the software targets the victim’s web browser cache and injects some malicious code. Normally, most attackers would attempt to install malware onto the computer, but by going after just the browser cache, PoisonTap can bypass some security measures and anti-virus software.
It’s quite ingenious, and if you’d like to read more on the hack, Samy provides full details here: https://samy.pl/poisontap/
Even more interesting is the advice being suggested for protecting yourself from this attack, ranging from pouring glue or cement into your computer’s USB ports to following Microsoft's not-very-reassuring nor practical defense advice: "Avoid leaving laptops and computers unattended.”
Fortunately, there’s a much better solution: DeviceLock’s award-winning DLP software and a little common sense.
DeviceLock’s core module has been developed and refined for over 20 years and provides device and port controls that enable organizations to block any unauthorized USB device from being accessed by an endpoint computer.
When DeviceLock is set up using a “least privilege” policy approach, any device that is not explicitly “whitelisted” won’t be able to connect via the USB port. So, Samy’s PoisonTap hack would be stopped dead in its tracks.
With DeviceLock, authorized USB devices can be whitelisted by their manufacturer’s model number or unique device numbers so that they can be used. DeviceLock can also be configured to prevent any executables from being accessed from removable storage, block specified content moving to them, or limit access by hour/day, and/or to have full time read-only status.
By managing the specific devices that can be used on a computer and the types of files that can be accessed or downloaded, DeviceLock helps ensure endpoints are guarded against malicious or accidental malware introduction as well as against unauthorized outbound data breaches.
Simply stated, by deploying DeviceLock on your endpoints and by configuring access and file policies using a “least privilege” approach, the PoisonTap threat is mitigated if not eliminated. You can save the glue for your next woodworking or scrapbooking project!
If you’d like to trial the DeviceLock DLP Suite for 30 days, please visit our website at: http://www.devicelock.com/download. For more information on DeviceLock’s DLP solutions, call us at 925-231-4400 or email to us.sales (at) devicelock.com to talk to one of our endpoint security specialists.