A developer has created a $5 device that can hack into screen-locked Macs and potentially other computers as long as a web browser is left running on the desktop.

Samy Kamkar made a YouTube video showing what happens when his creation hacks into a target computer. Called a "Poison Tap", the device runs on a Raspberry Pi Zero which plugs into a computer's USB port.

locked Mac hack
Once attached to the locked and password-protected Mac, it hijacks all web traffic by posing as a standard internet connection, after which it sets about siphoning and storing the user's HTTP cookies.

The attacker can then potentially use the stolen cookie data to access websites the user visited and log-in as them without having to enter username and password information.

Speaking to the BBC, Trend Micro security researcher Rik Ferguson said the device was a plausible threat to users who frequently left their computer unattended.

[In normal circumstances] Even when you are not using a web browser it is still making requests and communicating - due to updates or ads. Once the device is plugged in it exploits that communication and steals session cookies from the top one million websites.

Two-step verification would be susceptible to the same attack, explained Ferguson, because the device is able to intercept the cookies and pretend it is already in an open session. The only way to guard against such an attack would be for websites to use an encrypted connection such as HTTPS.

Otherwise, the best solution is for users to ensure they close their browser every time they leave their Mac unattended, or else close it down completely.

Top Rated Comments

dannys1 Avatar
57 months ago
It's ok, costs more that $5 for my computer as he'll need to buy a USB-C cable...

:D:p
Score: 29 Votes (Like | Disagree)
mazz0 Avatar
57 months ago
Well, this sounded quite concerning until I got to where it says it doesn't work for https connections. Still somewhat worrying though.

Mac exploits require a certain modicum of stupidity in order to work.
What exactly is stupid about leaving your computer locked with a browser open?
Score: 11 Votes (Like | Disagree)
kstotlani Avatar
57 months ago
Mac exploits require a certain modicum of stupidity in order to work.
Speaking with experience?
Score: 6 Votes (Like | Disagree)
arkitect Avatar
57 months ago
So basically this is nothing to worry about unless you have a habit of leaving your Mac unattended in a public area. I don't know about you, but I'm not leaving my MacBook unattended anywhere!

I'm not leaving my MacBook unattended while I go the bathroom at Starbucks or anywhere else!
So in a work situation where desktops (Not portables) are left on all night? Sometimes the Mac is busy overnight rendering etc… cleaners come in… The way I see it there is potential for a problem.
Score: 5 Votes (Like | Disagree)
arkitect Avatar
57 months ago
Mac exploits require a certain modicum of stupidity in order to work.
In this case your comment seems misplaced.
What is so stupid about leaving my screen locked Mac unattended?

Not being snarky, but I am curious why you think this.
Score: 4 Votes (Like | Disagree)
saudor Avatar
57 months ago
Mac exploits require a certain modicum of stupidity in order to work.
so basically anyone that uses the "sleep" function and not physically power it down.
Score: 4 Votes (Like | Disagree)

Top Stories

samsung experience 1

Samsung's 'iTest' Lets You Try a Galaxy Device on Your iPhone

Thursday April 8, 2021 12:42 pm PDT by
Samsung has launched "iTest," an interactive website experience that's designed to allow iPhone users to test out Android on a Galaxy device, or "sample the other side," as Samsung puts it. Subscribe to the MacRumors YouTube channel for more videos. The iTest website is being advertised in New Zealand, according to a MacRumors reader who came across the feature. Visiting the iTest website on...
sonny 2021 ipad mini pro dummies

Leaked Dummy Units Show iPad Mini 6 With Thick Bezels and Home Button, New iPad Pro Models

Thursday April 8, 2021 2:11 am PDT by
Rumors suggest Apple will release refreshed versions of the iPad mini and iPad Pro models in the first half of this year, potentially as soon as this month, and a new leak today has provided us with a possible preview of what to expect in terms of the devices' overall design and camera prospects. Tech leaker and Apple blogger Sonny Dickson this morning shared images on Twitter showing dummy ...
iMessage Android featured

Apple's Rationale for Not Bringing iMessage to Android Revealed in Legal Documents

Friday April 9, 2021 2:22 am PDT by
It's no secret that Apple sees iMessage as a big enough selling point to keep the service exclusive to Apple devices, however new court filings submitted by Epic Games in its ongoing lawsuit with the company reveal just how Apple executives have rationalized their decision not to develop a version of iMessage for Android. Apple clearly recognizes the power that iMessage has to keep users...
fake airpods 3

Counterfeit 'AirPods 3' Hit the Market Prior to Official Announcement

Friday April 9, 2021 2:45 am PDT by
Apple is expected to launch the third iteration of AirPods in the third quarter of this year. Rumors and reports suggest the new AirPods will feature an updated design more in line with the AirPods Pro, but lacking in "Pro" features such as active noise cancellation. Despite AirPods 3 not yet being officially announced by Apple, counterfeit products of the unreleased earbuds have already hit ...
nba tracking prompt orange

Two-Thirds of iPhone Users Expected to Block Ad Tracking

Friday April 9, 2021 7:19 am PDT by
As many as 68 percent of iPhone users are expected to deny advertisers permission to track them thanks to Apple's App Tracking Transparency feature, in what is beginning to look like a significant blow to the advertising industry (via AdWeek). With the launch of iOS 14.5, apps will have to receive explicit user permission before accessing an iPhone's advertising identifier or IDFA, which is...
iPhone 13 Battery Life Feature

DigiTimes: iPhone 13 Pro Models to Feature 120Hz ProMotion Refresh Rate and 15-20% Less Power Consumption

Friday April 9, 2021 12:52 am PDT by
The two premium "Pro" models of the upcoming iPhone 13 lineup will be equipped with a low-power LTPO display, enabling the iPhones to have a 120Hz refresh rate, according to industry sources cited by Taiwanese publication DigiTimes. According to today's paywalled report, Apple suppliers Samsung and LG Display are in the process of converting parts of their production capacity to produce LTPO ...
ipad pro and macbook pro

iPad and MacBook Production Reportedly Delayed Due to Global Chip Shortage

Thursday April 8, 2021 2:31 am PDT by
Apple is facing a global shortage of certain components for some of its MacBook and iPad models, causing the Cupertino tech giant and its suppliers to postpone production of the products, according to a new report from Nikkei Asia. According to the report, MacBook production is being hindered due to the shortage of chips mounted onto the circuit board before final assembly, which is a key...
ehric

iPhone 12 Mini Missing From Top 5 Best Selling Smartphone List of January 2021

Friday April 9, 2021 4:58 am PDT by
According to market data compiled by Counterpoint Research, Apple's smallest iPhone since the 2016 iPhone SE, the iPhone 12 mini, struggled to obtain a spot in the top five list of best-selling smartphones in January of this year. According to the market data, the iPhone 12 mini came in eighth place for the best-selling smartphone worldwide in the first month of the year. However, the iPhone ...
tmobile 5g modem

T-Mobile Launches Unlimited 5G Home Internet for $60/Month

Wednesday April 7, 2021 2:18 pm PDT by
T-Mobile today hosted an Un-carrier event where the company announced the launch of a a new 5G home internet plan, which is priced at $60 per month and offers unlimited data. The service is available to more than 30 million Americans across much of the United States, including 10 million households in rural areas not typically able to access reliable broadband. Connectivity will be either 4G ...
apple find my network

Apple Announces Find My Network With Support for Third-Party Devices

Wednesday April 7, 2021 10:06 am PDT by
Apple today announced the launch of its Find My network accessory program, which is designed to allow third-party Bluetooth devices to be tracked in the Find My app right alongside your Apple devices. According to Apple, the first accessory companies to take advantage of the new Find My integration include Belkin, Chipolo, and VanMoof, with devices set to be available beginning next week. ...