Lock screen = display: hacker needs only a piece of a $5 plate can invade a computer-IT news
United States developer Samy Kamkar open a video on Youtube, even if your computer is password lock screen, as long as the browser is still running in the background, through the USB interface after you insert the little Board, you can control access to your computer.
He called this little tool called "Poison Tap", raspberry (Raspberry Pi) micro-computer development, demonstrate computer Apple Mac, but Samy says the gadget can run on any platform.
Does not require the injection of additional code, just insert the USB interface, hackers gain remote control. This small development boards can collect Cookie that is stored in the user's browser containing all user record when users browse the Web, and also contains the logon information. When hackers get a Cookie, can use authorization information stored in a Cookie, users logged on the site.
According to security experts, the browser even when the lock screen, it will communicate with the remote server, mainly because the page contains a lot of advertising script, they need to be left in a connected state. External development boards can packet the hijacked computer intrusion. Even number two step validation by text message, or you can bypass.
But in fact, the break had little effect on ordinary users, if it is just in the lock screen of the computer boot, often is not running the browser, and run the browser's computer, hackers have not inserted a piece of circuit board in your computer.
锁屏=摆设:黑客仅需一块5美元开发板就能入侵电脑 - IT资讯
美国开发者Samy Kamkar在Youtube上公开了一段视频,就算你的电脑处于密码锁屏状态,只要后台浏览器依然在运行,通过USB接口插入这个小开发板之后,就可以获取到电脑的控制权。
他把这个小工具叫称为“Poison Tap”,基于树莓派(Raspberry Pi)微型电脑开发,演示电脑是苹果的Mac,但Samy表示这个小工具可以运行在任何平台上。
不需要额外的注入代码,只要插入USB接口,黑客就获取了远程控制权。这个小开发板可以收集用户浏览器中存储的Cookie,其中包含了用户浏览网页时所有的用户记录,还包含了登录信息。当黑客拿到Cookie,就能够利用Cookie中存储的授权信息,以用户的身份登陆网站。
据安全专家,浏览器即便在锁屏时,也会与远程服务器之间通信,主要是因为网页中包含了许多广告脚本,它们需要保持连接状态。外部开发板可以通过数据包劫持的方式入侵电脑。即便是通过短信号码两步验证,也可以绕过。
但其实这种破解方式对普通用户的影响不大,如果是刚开机处于锁屏状态的电脑,往往没有运行浏览器,而运行浏览器的电脑,黑客又没有机会在你的电脑上插入一块电路板。