'Poison Tap' USB Device Hijacks User Data From Screen-Locked Macs - MacRumors
Skip to Content

'Poison Tap' USB Device Hijacks User Data From Screen-Locked Macs

by

A developer has created a $5 device that can hack into screen-locked Macs and potentially other computers as long as a web browser is left running on the desktop.

Samy Kamkar made a YouTube video showing what happens when his creation hacks into a target computer. Called a "Poison Tap", the device runs on a Raspberry Pi Zero which plugs into a computer's USB port.

locked Mac hack
Once attached to the locked and password-protected Mac, it hijacks all web traffic by posing as a standard internet connection, after which it sets about siphoning and storing the user's HTTP cookies.

The attacker can then potentially use the stolen cookie data to access websites the user visited and log-in as them without having to enter username and password information.

Speaking to the BBC, Trend Micro security researcher Rik Ferguson said the device was a plausible threat to users who frequently left their computer unattended.

[In normal circumstances] Even when you are not using a web browser it is still making requests and communicating - due to updates or ads. Once the device is plugged in it exploits that communication and steals session cookies from the top one million websites.

Two-step verification would be susceptible to the same attack, explained Ferguson, because the device is able to intercept the cookies and pretend it is already in an open session. The only way to guard against such an attack would be for websites to use an encrypted connection such as HTTPS.

Otherwise, the best solution is for users to ensure they close their browser every time they leave their Mac unattended, or else close it down completely.

Top Rated Comments

dannys1 Avatar
dannys1
125 months ago
It's ok, costs more that $5 for my computer as he'll need to buy a USB-C cable...

:D:p
Score: 29 Votes (Like | Disagree)
mazz0 Avatar
mazz0
125 months ago
Well, this sounded quite concerning until I got to where it says it doesn't work for https connections. Still somewhat worrying though.

Mac exploits require a certain modicum of stupidity in order to work.
What exactly is stupid about leaving your computer locked with a browser open?
Score: 11 Votes (Like | Disagree)
K
kstotlani
125 months ago
Mac exploits require a certain modicum of stupidity in order to work.
Speaking with experience?
Score: 6 Votes (Like | Disagree)
arkitect Avatar
arkitect
125 months ago
So basically this is nothing to worry about unless you have a habit of leaving your Mac unattended in a public area. I don't know about you, but I'm not leaving my MacBook unattended anywhere!

I'm not leaving my MacBook unattended while I go the bathroom at Starbucks or anywhere else!
So in a work situation where desktops (Not portables) are left on all night? Sometimes the Mac is busy overnight rendering etc… cleaners come in… The way I see it there is potential for a problem.
Score: 5 Votes (Like | Disagree)
S
saudor
125 months ago
Mac exploits require a certain modicum of stupidity in order to work.
so basically anyone that uses the "sleep" function and not physically power it down.
Score: 4 Votes (Like | Disagree)
arkitect Avatar
arkitect
125 months ago
Mac exploits require a certain modicum of stupidity in order to work.
In this case your comment seems misplaced.
What is so stupid about leaving my screen locked Mac unattended?

Not being snarky, but I am curious why you think this.
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

Aston Martin CarPlay Ultra Screen

Apple Says CarPlay Ultra is Coming to These Vehicle Brands

Thursday May 21, 2026 11:53 am PDT by
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly a year later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon. In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. CarPlay Ultra...
Read Full Article
ios 26 iphone 16 pro lock screen notifications feature 1

iOS 27 Notifications Will Slide in From Left Side of Your iPhone's Screen

Friday June 5, 2026 7:24 am PDT by
Bloomberg's Mark Gurman today revealed another iOS 27 change: notifications will slide in from the left side of the screen instead of from the top. In addition, accessing Notification Center on iOS 27 will require swiping down on the top-left corner of the screen. If you swipe down on the Dynamic Island area, a new "Search or Ask" interface tied to the revamped Siri will appear, instead of...
Read Full Article88 comments
WWDC26 Mock Feature 2

Will Apple Launch New Hardware at WWDC Next Week?

Friday June 5, 2026 7:56 am PDT by
Apple has several hardware releases in the pipeline, but will we see any of them unveiled at this year's Worldwide Developers Conference? WWDC is primarily a software event where new versions of iOS, iPadOS, macOS, watchOS, tvOS, and visionOS take center stage, but it's not unusual for Apple to introduce new hardware during the developer conference. Take WWDC 2017, for example, where Apple...
Read Full Article79 comments