This is because the lock screen protects the access of a PC/laptop to unauthorized access.
He has created this ultimate hack tool calledPoisonTapusing just $5 Rasberry Pi and running on Node.js.
Once the PoisonTap is connected, the hacking tool emulates an Ethernet gadget over USB.
The PoisonTap then starts hijacking the internet traffic by taking control of IPv4 space.
Khamkar has said that cookie siphoning is possible even if the web web app is not actively used.
Furthermore, HTTPS protection is bypassed if the secure cookie flag and HSTS are not enabled.
The interesting part is that PoisonTap needed to connect only once to the target PC.
source: www.techworm.net
