From iOS and OS X security issues that forced Apple to push out an important update this past week, to this vulnerability in both Windows and OS X, goes to show how hackers keep expanding their arsenal everyday. In this article a simple USB stick can be inserted into a computer (even when locked) and will mount onto the computer obtaining the password within seconds and unmount. The way it works is when the USB stick is plugged in it starts up a DHCP server which is recognized by the computer as an Ethernet adapter. This then monitors traffic and since it is considered a local network it is trusted. The authentication services are then able to put the password on the USB key which can then later be deciphered.
Article Link
https://www.engadget.com/2016/09/08/usb-device-pc-login-theft/
Video Link:
https://www.youtube.com/watch?v=Oplubg5q7ao
Loi Van Tran says
Thanks for the post Ioannis.
This goes back to our earlier discussion of ensuring that you have physical security of your devices, especially if you have a work computers out in a cafe-type setting. It might seem harmless to leave your computer momentarily to get or drink or use the restroom, but as you can see it only takes a few seconds for somebody to obtain unauthorized data. I wonder how long it would take them to decrypt the login credentials. Even after obtaining the credentials the attacker will still need access to the physical device to be able to do any real harm.
Wade Mackey says
An important point to get from the article is that locking the PC or Mac is no guarantee of protection. The tool steals credentials even from a screen locked machine. Even better, there is no need to “Decrypt” anything. what the USB stick gets is what the network is expecting. No need to understand it, just use it. If interested, just look up “pass the hash”, it is essentially what this tool enables.
Wade
Mengqi He says
Ioannis, it’s an interesting article. From the video I found that it only took less than 30 seconds to obtain password. Rather than individuals, I think companies should pay more attention to this. Although most companies require employees to lock their screen when they are leaving, it seems not enough now cause obtaining login password is just so easy. If this is used on a business computer, like CEO’s computer, confidential files and data without other protection will be easily accessed. The data breach will be a great problem to the company, and attackers can make money by selling the company’s confidential data. It looks like it is so easily that even people without technical experience can do it by just plugging in the USB device.