Samy Kamkar: PoisonTap – exploiting locked computers over USB

This is brilliant and scary at the same time. I’m always impressed by what Samy can think of. This particular hack makes your computer think a plugged-in Raspberry Pi is an Ethernet device and takes over all your Internet traffic, at the same time poisoning your browser with hijacked copies of JavaScript files. This works even on a machine with the screen locked.

It is reminiscent of the days of CD-ROM attacks, when your computer would auto-run the contents of a CD-ROM, even when the account was locked.

Source: Samy Kamkar: PoisonTap – exploiting locked computers over USB