No, a locked computer cannot be hacked by a Pi 0.

Samy Kamkar created a tool called PoisonTap that runs on a Raspberry Pi 0, and the article blows its abilities out of proportion before slowly reducing them to nothing. It starts out claiming it can “hack a locked computer” but soon amends this to include “with a browser open in the background”. It even goes so far as to claim it will give attackers access to your router and let them launch other attacks from that platform.

Supposedly the device can be plugged in, left for a minute, and unplugged, and it’s done. The article even goes so far as to say you need no knowledge to use it. The problem is that it doesn’t give the user simple information, or even usable information for that matter, unless the common person suddenly has software to inspect cookies.

Now on to the actual work it does. The Pi 0 emulates a network device, so the computer sends its network traffic to it. It then hunts down all cookies involved with non-HTTPS sites and gathers them. That is all it does. So no, it does not hack your computer. Most important sites run over HTTPS, so most cookies are not in danger.
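The cookies described above are the ones a browser is willing to send without TLS: those set by plain-HTTP sites, and those set by HTTPS sites without the `Secure` attribute. As an added example (not code from the article or from PoisonTap), this Python audit takes captured `Set-Cookie` headers and lists the cookies in that position; the hosts and cookie values are constructed sample data.

```python
# Added example: flag cookies a browser would also send over plaintext HTTP.
# All URLs and header values below are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags get an empty value
    return name.strip(), value.strip(), attrs


def audit(responses):
    """Return (url, cookie name, reason) for cookies that can travel unencrypted.

    responses: iterable of (url, [Set-Cookie header values]).
    """
    findings = []
    for url, headers in responses:
        over_https = url.lower().startswith("https://")
        for raw in headers:
            name, _, attrs = parse_set_cookie(raw)
            if not name:
                continue  # malformed header, nothing to report
            if not over_https:
                reason = "set over plain HTTP"
            elif "secure" not in attrs:
                reason = "HTTPS site, but no Secure attribute"
            else:
                continue  # Secure cookie: only ever sent over TLS
            findings.append((url, name, reason))
    return findings


SAMPLE = [
    ("http://forum.example/", ["PHPSESSID=aaa111; Path=/"]),
    ("https://shop.example/", ["cart=bbb222; Path=/; HttpOnly",
                               "sid=ccc333; Path=/; Secure; HttpOnly"]),
    ("https://bank.example/", ["__Host-auth=ddd444; Path=/; Secure; SameSite=Strict"]),
]

if __name__ == "__main__":
    for url, name, reason in audit(SAMPLE):
        print(f"{url:24} {name:10} {reason}")
```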

This is not even remotely an effective attack method. The article brings up the business security side, but in a work environment most users will not even lock their systems, so why not just access the PC directly? Better yet, install a physical keylogger so that you can get HTTPS info as well. Another problem is that it needs a browser open to work, and with a locked PC you would never know whether one was open until you started looking through the Pi’s files at a later point, so to be effective you need to hit many devices. Another problem is that best practices in the security field would prevent this from ever happening.

Ending note: a USB Rubber Ducky would be a better idea, as it can do so much more.

Evan Delmolino –



Mokes, Any OS, Any Time!

A recent article by Swati Khandelwal on The Hacker News reports a new form of malware that is taking hold of many machines. Mokes, as it has been dubbed, has been found by Kaspersky to be able to infect all the major operating systems. The article focuses on the Mac side of it, as that was the part discovered last.



This form of malware creates a backdoor that can capture camera and keyboard inputs as well as take screenshots every thirty seconds. It also reportedly has the ability to search for Word document files with a range of extensions. It even has the ability to monitor USB removal and insertion.

It runs on Qt, a C++ framework meant to be used for cross-platform applications. It connects back to a command and control server over AES-256 encryption, a very secure method. As part of its exploit, it can take control of the terminal and send it commands.

It has been reported that upon infection of a Mac it will copy itself to parts of the filesystem belonging to Skype, Google, Firefox, and even Dropbox. The Linux variant is much less spread out and lacks Google and Skype.

The overall spread of this malware has yet to be discovered. It is clearly a very complex program, but it is not believed to be state-funded, nor is it being claimed by any large group.


-Evan Delmolino edd1717