隨身碟製造商、隨身碟工廠直營、各式造型隨身碟設計開模|Xebe Global Inc. 台灣繁體 | 简中 | 香港繁體 | 日本語 | English | sitemap

Custom USB Factory

 
 
Xebe News

A USB device can steal login credentials even if the PC is locked

 

A USB device can steal login credentials even if the PC is locked

 

 

A USB device can steal login credentials even if the PC is locked

By Agan Uzunovic on September 9, 2016 

 

A USB device can steal login credentials even if the PC is locked

Image Source: Flickr / Trammell Hudson

ROGUE USB-TO-ETHERNET ADAPTERS CAN HELP ATTACKERS TO EXTRACT CREDENTIALS OF LOCKED PCS.

If your PC is locked it does not mean that your credentials and data are safe. A rogue USB-to-Ethernet adapter will help the attackers unlock computers running Windows or OS X to steal your private data. Even a $50 adapter can do the job in mere seconds, which is indeed alarming.

Usually, we lock our computer screen for a while if we need to go somewhere else, which apparently is a reasonable enough security practice. However, Rob Fuller has proved that it is not as safe as we might think.

 

Image Source: Inverse Path

 

Fuller, the R5 Industries’ principal security engineer, has identified that cyber-criminals can use a special USB device to copy the OS account password hash even if the PC is locked. It only takes seconds to do so. They can easily crack the hash later and apply it directly in conducting network attacks.

To prove his theory, Fuller used a $155 USB Armory, which is a flash-drive-sized computer device, and masqueraded it as a USB-to-Ethernet LAN adapter so that it transforms into a primary network interface. However, Fuller states that other cheaper devices like Hak5 LAN Turtle, which costs just $50 could perform the same task.

Image Source: Inverse Path  

 

The act is not as difficult at all because the OS automatically identifies and installs any new USB device including the Ethernet cards despite being in a locked state. Moreover, wired or fast Ethernet cards are configured automatically as default gateways.

So let’s assume if someone plugs in a USB-to-Gigabit-Ethernet adapter into any locked laptop running Windows OS, then the adapter will be installed and the laptop will mark it as the preferred network interface.

Using the Dynamic Host Configuration Protocol (DHCP), the OS configures the network setting whenever a new network card is installed, which means that cyber-criminals can use a rogue PC at the other side of the Ethernet cable that will pose as a DHCP server. Once this is successfully achieved, the attacker will control the Domain Name System (DNS) responses and will also configure a fake internet proxy using the Web Proxy Autodiscovery or WAPD protocol. This also hints to the fact that the attacker could get into a very privileged man-in-the-middle position to tamper or intercept the incoming network traffic on that computer.

The reason is that locked computers keep generating network traffic, which makes it easy for attackers to extract account names and hashed passwords. The entire feat could be performed in no more than 13 seconds, states Fuller.

Fuller recommends users of PCs and Laptops to never leave their workstations “logged in, especially overnight, unattended,” even if the screen is locked.

 

Watch how it’s done below:

 

 

>>Normal USB flash disk We Usually See

 

 

Get more information about  USB flash disk↓↓↓

 

  The USB you shouldn’t use. Seriously

  Do Not Pick Up and Use USB You don’t Recognize

 See What Happened When Hydraulic press VS USB DRIVE

 

【Press Here to Know More

 

(Source: HACKREAD owns the right of the article. Xebe reposts it for information shraring.)

 https://www.hackread.com/usb-device-steal-login-data-locked-pc/

 

 

 



return to list

Xebe Global Inc. All the trademarks belong to respective owners.

Tel : +886 2 2749 3188 Email : sales@xebe.com